[Snort-openappid] snort-2.9.7.0_beta u2streamer memory issue

Costas Kleopa (ckleopa) ckleopa at ...5...
Wed Aug 13 16:35:17 EDT 2014


Thank you for the update Peyman. We haven¹t tested that utility in such
hardware
so we will try and reproduce it to see what the problem is.

Were you able to get the u2streamer to work on an Ubuntu with 4Gigs or RAM
or this 
is the only version of OS/CPU you can test openappid for now?


On 8/13/14, 2:52 PM, "Peyman Gohari" <peyman.gohari.pub at ...8...> wrote:

>Hi Costas
>
>  Here are the requested details: it is a debian (wheezy) running on a
>Beagle Bone Black.
>   - processor: AM335x 1GHz ARM® Cortex-A8
>   - memory: 512MB DDR3 RAM + I have added a swap file of 512MB
>running from 4GB 8-bit eMMC on-board flash storage
>
>  Some more details:
>root at ...40...:~# uname -a
>Linux beaglebone 3.8.13-bone47 #1 SMP Fri Apr 11 01:36:09 UTC 2014
>armv7l GNU/Linux
>
>root at ...40...:~# more /proc/version
>Linux version 3.8.13-bone47 (root at ...41...) (gcc version
>4.6.3 (Debian 4.6.3-14) ) #1 SMP Fri Apr 11 01:36:09 UTC 2014
>
>root at ...40...:~# lscpu
>Architecture:          armv7l
>Byte Order:            Little Endian
>CPU(s):                1
>On-line CPU(s) list:   0
>Thread(s) per core:    1
>Core(s) per socket:    1
>Socket(s):             1
>
>  Thanks
>Peyman
>
>On Wed, Aug 13, 2014 at 10:46 PM, Costas Kleopa (ckleopa)
><ckleopa at ...5...> wrote:
>> Peyman,
>>
>> Can you confirm the exact OS, and memory you are using to test this?
>>
>> Thanks
>> Costas
>>
>>
>> From: Peyman Gohari <peyman.gohari.pub at ...8...>
>> Date: Tuesday, August 12, 2014 at 8:32 PM
>> To: "snort-openappid at lists.sourceforge.net"
>> <snort-openappid at lists.sourceforge.net>
>> Subject: [Snort-openappid] snort-2.9.7.0_beta u2streamer memory issue
>>
>> Hi
>>
>>   I am running snort-2.9.7.0_beta with openappid on an ARM7 platform.
>>   u2streamer fails with the following message:
>>
>>    u2streamer --path=/var/log/snort --name=appstats-unified.log  Looking
>> with timestamp: 0
>> *** glibc detected *** u2streamer: free(): invalid next size (normal):
>> 0x000140f0 ***
>> Aborted
>>
>>   Having a look at the code shows that the malloc in u2streamer.c may
>>be the
>> source of the issue:
>>
>> static int ParseCommandLine(int argc, char *argv[])
>> {
>> ...
>>  case 'n':
>>                 config.name = malloc(strlen(optarg))+2;
>> ...
>>
>>   Having increased the memory allocated by the malloc prevents the
>>crash,
>> but I am still not getting any log added to /var/log/auth.log
>>
>>   What am I missing?
>>
>> Thanks!
>> PG





More information about the Snort-openappid mailing list