[Snort-devel] Re: Bug Report
vwgtinut at ...445...
Tue Apr 22 08:52:28 EDT 2003
Running gdb/bt was a first for me; I hope this is what you wanted.
>From: Martin Roesch <roesch at ...402...>
>To: "Jim Nemetz" <vwgtinut at ...445...>
>CC: snort-devel at lists.sourceforge.net
>Subject: Re: Bug Report
>Date: Sun, 20 Apr 2003 22:38:15 -0400
>Can you run it from within gdb and backtrace it when it crashes?
>On Friday, April 18, 2003, at 06:29 PM, Jim Nemetz wrote:
>>I am getting a "Segmentation Fault" error and here are the particulars:
>>x86 Compaq 1850R PIII 500
>>Version of Snort:
>>2.0.0 (Build 72)
>>Command line switches:
>>/usr/local/bin/snort -i eth1 -o -c /etc/snort/snort.conf
>>Sorry, no core file is being produced.
>>Snort will run with the above switches with stock rules. However, when I
>>make SOME (not all) pass rules, I get the Segmentation Fault error. Here
>>is an example of one of the pass rules with the original rule:
>>web-cgi.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
>>(msg:"WEB-CGI calendar access";flow:to_server,established;
>>uricontent:"/calendar"; nocase; classtype:attempted-recon; sid:882;
>>My pass rule:
>>web-cgi.rules:pass tcp $EXTERNAL_NET any -> xxx.xxx.xxx.xxx (msg:"WEB-CGI
>>calendar access";flow:to_server,established; uricontent:"/calendar";
>>nocase; classtype:attempted-recon; sid:882; rev:4;)
>>Special Note: If I don't specify eth1 (defaults to eth0) I don't get the
>>Attached is the snort startup output, dmesg info, and the output of rpm
>>-qa. I hope this is enough for you to go on. If there is anything else I
>>can do to help you solve this please let me know.
>>Thanks a bunch!
>-- Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
>Sourcefire: Enterprise-class Intrusion detection built on Snort
>roesch at ...402... - http://www.sourcefire.com
>Snort: Open Source Network IDS - http://www.snort.org
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
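
Added example, not part of the original message and not Snort's own code: a Snort rule header has seven fields (action, protocol, source address, source port, direction, destination address, destination port), and the pass rule as quoted above has only six. The checker below, whose function and constant names are hypothetical, flags that; the thread does not establish whether this is what triggers the crash.

```python
import re

# Rule actions and protocols built into Snort 2.0; a custom "ruletype"
# name from snort.conf would have to be added to ACTIONS.
ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
DIRECTIONS = {"->", "<>"}

# Both rules copied from the message above, wrapped lines joined.
ORIGINAL_RULE = ('web-cgi.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS '
                 '(msg:"WEB-CGI calendar access";flow:to_server,established; '
                 'uricontent:"/calendar"; nocase; classtype:attempted-recon; sid:882;')
PASS_RULE = ('web-cgi.rules:pass tcp $EXTERNAL_NET any -> xxx.xxx.xxx.xxx '
             '(msg:"WEB-CGI calendar access";flow:to_server,established; '
             'uricontent:"/calendar"; nocase; classtype:attempted-recon; sid:882; rev:4;)')


def check_header(rule):
    """Return a list of problems in the rule header (the part before the options)."""
    # Normalise whitespace and drop a grep-style "file.rules:" prefix.
    rule = re.sub(r"^\S+\.rules:", "", " ".join(rule.split()))
    header = rule.split("(", 1)[0].split()
    problems = []
    if not header or header[0] not in ACTIONS:
        problems.append("unknown or missing action")
    if len(header) < 2 or header[1] not in PROTOCOLS:
        problems.append("unknown or missing protocol")
    arrows = [i for i, tok in enumerate(header) if tok in DIRECTIONS]
    if len(arrows) != 1:
        problems.append("expected exactly one direction operator (-> or <>)")
        return problems
    # Each side of the operator must be exactly "address port".
    src = arrows[0] - 2                # tokens between protocol and operator
    dst = len(header) - arrows[0] - 1  # tokens after the operator
    if src != 2:
        problems.append(f"source side has {src} token(s), expected address and port")
    if dst != 2:
        problems.append(f"destination side has {dst} token(s), expected address and port")
    return problems


if __name__ == "__main__":
    for name, rule in (("original", ORIGINAL_RULE), ("pass", PASS_RULE)):
        print(name, check_header(rule) or "header ok")
```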