[Snort-devel] Re: Bug Report

Jim Nemetz vwgtinut at ...445...
Tue Apr 22 08:52:28 EDT 2003


Running gdb/bt was a first for me I hope this is what you wanted.



>From: Martin Roesch <roesch at ...402...>
>To: "Jim Nemetz" <vwgtinut at ...445...>
>CC: snort-devel at lists.sourceforge.net
>Subject: Re: Bug Report
>Date: Sun, 20 Apr 2003 22:38:15 -0400
>Hash: SHA1
>Can you run it from within gdb and backtrace it when it crashes?
>      -Marty
>On Friday, April 18, 2003, at 06:29  PM, Jim Nemetz wrote:
>>I am getting a "Segmentation Fault" error and here are the particulars:
>>System Architecture:
>>x86 Compaq 1850R PIII 500
>>Operating System:
>>Redhat 7.3
>>Version of Snort:
>>2.0.0 (Build 72)
>>Preprocessors loaded:
>>Output plugins:
>>Command line switches:
>>/usr/local/bin/snort -i eth1 -o -c /etc/snort/snort.conf
>>Error Messages:
>>"Segmentation Fault"
>>Sorry, no core file is being produced.
>>Snort will run with the above switches with stock rules. However, when I 
>>make SOME (not all) pass rules, I get the Segmentation Fault error. Here 
>>is an example of one of the pass rules with the original rule:
>>web-cgi.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS 
>>(msg:"WEB-CGI calendar access";flow:to_server,established; 
>>uricontent:"/calendar"; nocase; classtype:attempted-recon; sid:882;  
>>My pass rule:
>>web-cgi.rules:pass tcp $EXTERNAL_NET any -> xxx.xxx.xxx.xxx (msg:"WEB-CGI 
>>calendar access";flow:to_server,established; uricontent:"/calendar"; 
>>nocase; classtype:attempted-recon; sid:882;  rev:4;)
>>Special Note: If I don't specify eth1 (defaults to eth0) I don't get the 
>>Attached is the snort startup output, dmesg info, and the output of rpm 
>>-qa. I hope this is enough for you to go on. If there is anything else I 
>>can do to help you solve this please let me know.
>>Thanks a bunch!
>>Tired of spam? Get advanced junk mail protection with MSN 8. 
>- -- Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
>Sourcefire: Enterprise-class Intrusion detection built on Snort
>roesch at ...402... - http://www.sourcefire.com
>Snort: Open Source Network IDS - http://www.snort.org
>Version: GnuPG v1.2.1 (Darwin)

MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort_gdb_bt_1.txt
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20030422/29c6fdd4/attachment.txt>

More information about the Snort-devel mailing list