[Snort-devel] Segfault on Snort 2.7.0.1 at UNC

Steven Sturges steve.sturges at ...402...
Mon Oct 15 09:41:04 EDT 2007


Hi Alex--

Is there any chance you have a core file, or at least a stack
trace that you can send us?  That will point us in the right
area.

Barnyard is not an output plugin -- do you use unified,
database, csv, or other output module -- look in snort.conf
for lines starting with output (default conf file has this
under Step #4).

Cheers.
-steve

Alex Everett wrote:
> Hello:
>  
> I have been working on a new installation. Snort ran all night, but after
> restarting a separate database server I have had problems.
>  
> System Architecture (Sparc, x86, etc): x86_64
> Operating System and version (Linux 2.0.22, IRIX 5.3, etc): RHEL 5,
> 2.6.18-8.1.10.el5 SMP
> Version of Snort: 2.7.0.1
> What preprocessors you loaded: should be close to default: frag3, stream5,
> httpinspect, perfmonitor, rpc_decode, ftp_telnet, ftp_telnet_protocol, smtp,
> sfportscan, dcerpc, dns
> What rules (if any) you were using: current snapshot, bleeding-edge 
> What output plug-ins you loaded: barnyard 0.2.0
> What command line switches you were using: /usr/local/bin/snort -c
> /etc/snort/snort.dag0_0.conf -o -D -u snort -i dag0
> Any Snort error messages:
> Oct 12 09:47:11 ids-border snort[18041]: PID path stat checked out ok, PID
> path set to /var/run/ 
> Oct 12 09:47:11 ids-border snort[18041]: Writing PID "18041" to file
> "/var/run//snort_dag0.pid" 
> Oct 12 09:47:11 ids-border snort[17788]: Daemon parent exiting 
> Oct 12 09:47:11 ids-border snort[18041]: Daemon initialized, signaled parent
> pid: 17788 
> Oct 12 09:47:18 ids-border snort[18041]: Preprocessor/Decoder Rule Count: 0 
> Oct 12 09:47:18 ids-border snort[18041]: Snort initialization completed
> successfully (pid=18041) 
> Oct 12 09:47:18 ids-border snort[18041]: Not Using PCAP_FRAMES 
> Oct 12 09:47:45 ids-border snmpd[3597]: Received SNMP packet(s) from UDP:
> [152.2.80.135]:34814 
> Oct 12 09:59:08 ids-border kernel: snort[18041]: segfault at
> 0000000000000014 rip 000000000045eb7f rsp 00007fffb8f9d300 error 4
> Oct 12 09:59:08 ids-border kernel: dag0: PID 18041 (TGID 18041) released
> stream 0 while still locked
> 
> Sincerely,
>  
> Alex Everett, CISSP
> IT Security Engineer
> Information Technology Services
> University of North Carolina
> Chapel Hill
> 919.445.9390
>  
> 



