[Snort-devel] Snort Core dumping

Cory Michal cmichal at ...1978...
Tue May 13 06:16:10 EDT 2003


I'm using snort 2.0 and postgresql-7.2.1.

I created the tables exactly from the sql that came with snort.
Here is what my snort db looks like. A describe of event is at the bottom.

snort=# \d
                   List of relations
              Name               |   Type   |  Owner
---------------------------------+----------+----------
 acid_ag                         | table    | postgres
 acid_ag_ag_id_seq               | sequence | postgres
 acid_ag_alert                   | table    | postgres
 acid_event                      | table    | postgres
 acid_ip_cache                   | table    | postgres
 data                            | table    | postgres
 detail                          | table    | postgres
 encoding                        | table    | postgres
 event                           | table    | postgres
 flags                           | table    | postgres
 icmphdr                         | table    | postgres
 iphdr                           | table    | postgres
 opt                             | table    | postgres
 reference                       | table    | postgres
 reference_ref_id_seq            | sequence | postgres
 reference_sys_ref_system_id_seq | sequence | postgres
 reference_system                | table    | postgres
 schema                          | table    | postgres
 sensor                          | table    | postgres
 sensor_sid_seq                  | sequence | postgres
 services                        | table    | postgres
 sig_class                       | table    | postgres
 sig_class_sig_class_id_seq      | sequence | postgres
 sig_reference                   | table    | postgres
 signature                       | table    | postgres
 signature_sig_id_seq            | sequence | postgres
 tcphdr                          | table    | postgres
 udphdr                          | table    | postgres
(28 rows)

snort=# \d event
                    Table "event"
  Column   |            Type             | Modifiers
-----------+-----------------------------+-----------
 sid       | integer                     | not null
 cid       | bigint                      | not null
 signature | integer                     | not null
 timestamp | timestamp without time zone | not null
Indexes: signature_idx,
         timestamp_idx
Primary key: event_pkey


It also core dumped again yesterday; here is that output:
Deprecated bfd_read called at
/usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line
933 in fill_symbuf

Core was generated by `snort'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpcap.so.2...done.
Reading symbols from /usr/lib/libm.so.2...done.
Reading symbols from /usr/lib/libpq.so.2...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/lib/libcrypt.so.2...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x8066498 in mwmSearchExNoBC (ps=0x9759000, Tx=0x809c060
"/INDEX.CGI?1|3635979540|CO1TER\003COM", n=27, Tc=0x8123de0
"/index.cgi?1|3635979540|CO1",
    match=0x805d684 <otnx_match>, data=0x809bf34) at mwm.c:905
905                   if( patrn->psPatCase[0] == Tc[T-Tx] )

Thanks,
Cory Michal
cmichal at ...1978...
920.203.2622

Exceed Security Systems


-----Original Message-----
From: Chris Green [mailto:cmg at ...402...]
Sent: Monday, May 12, 2003 9:09 AM
To: Cory Michal
Subject: Re: [Snort-devel] Snort Core dumping


"Cory Michal" <cmichal at ...1978...> writes:

> I'm running Snort 2.0 on FreeBSD 4.7-RELEASE connected to a postgresql
> database for use with ACID.

Did you use 1.9.x on Postgresql?

Can you do a "describe table event" or whatever the postgresql syntax
is?

Thanks,
Chris
--
Chris Green <cmg at ...402...>
Laugh and the world laughs with you, snore and you sleep alone.




