[Snort-openappid] snort-2.9.7.0_beta u2streamer memory issue

Peyman Gohari peyman.gohari.pub at ...8...
Wed Aug 13 17:50:20 EDT 2014


Thanks Costas for your message.
This is the only platform I have been testing OpenAppId on.
I am planning to install ArchLinux on my BBB to give another try. I
will let you know the result.

Regards
PG

On Thu, Aug 14, 2014 at 6:35 AM, Costas Kleopa (ckleopa)
<ckleopa at ...5...> wrote:
> Thank you for the update Peyman. We haven¹t tested that utility in such
> hardware
> so we will try and reproduce it to see what the problem is.
>
> Were you able to get the u2streamer to work on an Ubuntu with 4Gigs or RAM
> or this
> is the only version of OS/CPU you can test openappid for now?
>
>
> On 8/13/14, 2:52 PM, "Peyman Gohari" <peyman.gohari.pub at ...8...> wrote:
>
>>Hi Costas
>>
>>  Here are the requested details: it is a debian (wheezy) running on a
>>Beagle Bone Black.
>>   - processor: AM335x 1GHz ARM® Cortex-A8
>>   - memory: 512MB DDR3 RAM + I have added a swap file of 512MB
>>running from 4GB 8-bit eMMC on-board flash storage
>>
>>  Some more details:
>>root at ...40...:~# uname -a
>>Linux beaglebone 3.8.13-bone47 #1 SMP Fri Apr 11 01:36:09 UTC 2014
>>armv7l GNU/Linux
>>
>>root at ...40...:~# more /proc/version
>>Linux version 3.8.13-bone47 (root at ...41...) (gcc version
>>4.6.3 (Debian 4.6.3-14) ) #1 SMP Fri Apr 11 01:36:09 UTC 2014
>>
>>root at ...40...:~# lscpu
>>Architecture:          armv7l
>>Byte Order:            Little Endian
>>CPU(s):                1
>>On-line CPU(s) list:   0
>>Thread(s) per core:    1
>>Core(s) per socket:    1
>>Socket(s):             1
>>
>>  Thanks
>>Peyman
>>
>>On Wed, Aug 13, 2014 at 10:46 PM, Costas Kleopa (ckleopa)
>><ckleopa at ...5...> wrote:
>>> Peyman,
>>>
>>> Can you confirm the exact OS, and memory you are using to test this?
>>>
>>> Thanks
>>> Costas
>>>
>>>
>>> From: Peyman Gohari <peyman.gohari.pub at ...8...>
>>> Date: Tuesday, August 12, 2014 at 8:32 PM
>>> To: "snort-openappid at lists.sourceforge.net"
>>> <snort-openappid at lists.sourceforge.net>
>>> Subject: [Snort-openappid] snort-2.9.7.0_beta u2streamer memory issue
>>>
>>> Hi
>>>
>>>   I am running snort-2.9.7.0_beta with openappid on an ARM7 platform.
>>>   u2streamer fails with the following message:
>>>
>>>    u2streamer --path=/var/log/snort --name=appstats-unified.log  Looking
>>> with timestamp: 0
>>> *** glibc detected *** u2streamer: free(): invalid next size (normal):
>>> 0x000140f0 ***
>>> Aborted
>>>
>>>   Having a look at the code shows that the malloc in u2streamer.c may
>>>be the
>>> source of the issue:
>>>
>>> static int ParseCommandLine(int argc, char *argv[])
>>> {
>>> ...
>>>  case 'n':
>>>                 config.name = malloc(strlen(optarg))+2;
>>> ...
>>>
>>>   Having increased the memory allocated by the malloc prevents the
>>>crash,
>>> but I am still not getting any log added to /var/log/auth.log
>>>
>>>   What am I missing?
>>>
>>> Thanks!
>>> PG
>




More information about the Snort-openappid mailing list