[Snort-devel] Whee, Coredump
Roy S. Rapoport
snort-devel at ...2006...
Sat May 31 14:25:05 EDT 2003
On Sat, May 31, 2003 at 09:28:11AM -0400, Erek Adams wrote:
> Ok maybe I'm just a bit crazy, but _why_ would you ever need a config file
> of that size? I know it's not you, I understand the program does that,
> but I'd like to know WHY. It just doesn't make any sense to me... I
> mean, snort.conf is _DESIGNED_ to be modular!
Don't look at it as "Oh my God, it's a 500Kb file how do you manage it."
Look at it as moving the management of the Snort components away from
the file level. Remember, SnortCenter basically gives you a pretty web
interface to handle all the components of the Snort Configuration -- you
should, theoretically, never have to look at the actual config file.
Unless, you know, SnortCenter is b0rken.
> On to the problem. Rebuild snort with --enable-debug. That wil give you
> a binary that's debug enabled and unstripped. Once you get the core, a bt
> would acutally have the info (function names and such) that's missing from
> your bt.
Done. As Brian suspected, the issue arises from a broken rule. Snort
probably *still* shouldn't segfault as a result of a broken rule. I
mean, as I understand it, good code *never* segfaults.
More information about the Snort-devel