[Snort-openappid] [Snort-users] AppID warnings and Snort Segmentation fault

Kiryukhin Andrey andrei_1980 at ...31...
Wed Jul 30 11:33:04 EDT 2014


> Would it be possible to share the configuration line of where appid is
> configured?
In snort.conf, add:

preprocessor appid : app_stats_filename appstats-unified.log, \
                app_stats_period 60, \
                app_detector_dir /usr/local/cisco/apps


> Also can you confirm where you have installed the
> snort-openappid.2014-05-30.205-0 package?
I created the directory: /usr/local/cisco/app

Oh, thanks for the hint. I changed apps to app in snort.conf. Now it works.
Thanks.

> Thanks
> Costas
>
>
> On 7/30/14, 11:07 AM, "Joel Esler (jesler)" <jesler at ...5...> wrote:
>
>> CC'ing the OpenAppId list.
>>
>>
>>> On Jul 30, 2014, at 10:54 AM, Kiryukhin Andrey <andrei_1980 at ...31...>
>>> wrote:
>>>
>>> Hello.
>>> I installed snort-2.9.7.0_beta and snort-openappid.2014-05-30.205-0
>>> as described in this post:
>>> http://blog.snort.org/2014/03/firing-up-openappid.html
>>>
>>> When I execute
>>> snort -T -c /etc/snort/etc/snort.conf
>>>
>>> result:
>>>
>>> Snort successfully validated the configuration!
>>> Snort exiting
>>>
>>>
>>> But in the log I have warnings:
>>>
>>> Invalid direct service AppId, 569, for 0x7f523f4de690 (nil)
>>> Invalid direct service AppId, 609, for 0x7f523f4d8740 (nil)
>>> Invalid direct service AppId, 603, for 0x7f523f4e5130 (nil)
>>> Invalid direct service AppId, 617, for 0x7f523f4dbeb0 (nil)
>>> Invalid direct service AppId, 547, for 0x7f523f4d8da0 (nil)
>>> Invalid direct service AppId, 165, for 0x7f523f4e0900 (nil)
>>> Invalid direct service AppId, 687, for 0x7f523f4deef0 (nil)
>>> Invalid direct service AppId, 376, for 0x7f523f4e25d0 (nil)
>>> Invalid direct service AppId, 747, for 0x7f523f4d7df0 (nil)
>>> Invalid direct service AppId, 754, for 0x7f523f4d9a70 (nil)
>>> Invalid direct service AppId, 753, for 0x7f523f4d9d60 (nil)
>>> Invalid direct service AppId, 755, for 0x7f523f4da520 (nil)
>>> Invalid direct service AppId, 603, for 0x7f523f4da520 (nil)
>>> Invalid direct service AppId, 763, for 0x7f523f4e4040 (nil)
>>> Invalid direct service AppId, 767, for 0x7f523f4d8c00 (nil)
>>> Invalid direct service AppId, 801, for 0x7f523f4d8280 (nil)
>>> Invalid direct service AppId, 800, for 0x7f523f4d8280 (nil)
>>> Invalid direct service AppId, 627, for 0x7f523f4dc3b0 (nil)
>>> Invalid direct service AppId, 894, for 0x7f523f4dcb10 (nil)
>>> Invalid direct service AppId, 895, for 0x7f523f4dcb10 (nil)
>>> Invalid direct service AppId, 398, for 0x7f523f4e2350 (nil)
>>> Invalid direct service AppId, 452, for 0x7f523f4ddbe0 (nil)
>>> Invalid direct service AppId, 823, for 0x7f523f4d90d0 (nil)
>>> Invalid direct service AppId, 1097, for 0x7f523f4e20e0 (nil)
>>> Invalid direct service AppId, 836, for 0x7f523f4de120 (nil)
>>> Invalid direct service AppId, 837, for 0x7f523f4dad50 (nil)
>>> Invalid direct service AppId, 846, for 0x7f523f4df540 (nil)
>>> Invalid direct service AppId, 847, for 0x7f523f4e6160 (nil)
>>> Invalid direct service AppId, 861, for 0x7f523f4d8530 (nil)
>>> Invalid direct service AppId, 862, for 0x7f523f4dffd0 (nil)
>>> Invalid direct service AppId, 426, for 0x7f523f4ed4c0 (nil)
>>> Invalid direct service AppId, 813, for 0x7f523f4ed4c0 (nil)
>>> Invalid direct service AppId, 118, for 0x7f523f4dea60 (nil)
>>> Invalid direct service AppId, 49, for 0x7f523f4db890 (nil)
>>> Invalid direct service AppId, 1755, for 0x7f523f4e4e30 (nil)
>>> Invalid direct service AppId, 872, for 0x7f523f4e6b50 (nil)
>>> Invalid direct service AppId, 61, for 0x7f523f4e68a0 (nil)
>>> Invalid direct service AppId, 774, for 0x7f523f4e6de0 (nil)
>>> Invalid direct service AppId, 683, for 0x7f523f4ea000 (nil)
>>> Invalid direct service AppId, 788, for 0x7f523f4ec950 (nil)
>>> Invalid direct service AppId, 701, for 0x7f523f4eb270 (nil)
>>> Invalid direct client application AppId, 788, for 0x7f523f4ecb80 (nil)
>>> Invalid direct client application AppId, 683, for 0x7f523f4ea200 (nil)
>>> Invalid direct client application AppId, 894, for 0x7f523f4d4be0 (nil)
>>> Invalid direct client application AppId, 895, for 0x7f523f4d4be0 (nil)
>>> Invalid direct client application AppId, 773, for 0x7f523f4d45b0 (nil)
>>> Invalid direct client application AppId, 872, for 0x7f523f4d4230 (nil)
>>> Invalid direct client application AppId, 619, for 0x7f523f4d3780 (nil)
>>> Invalid direct client application AppId, 846, for 0x7f523f4d3780 (nil)
>>> Invalid direct client application AppId, 723, for 0x7f523f4d3780 (nil)
>>> Invalid direct client application AppId, 794, for 0x7f523f4d3780 (nil)
>>> Invalid direct client application AppId, 771, for 0x7f523f4d3780 (nil)
>>> Invalid direct client application AppId, 61, for 0x7f523f4d2c10 (nil)
>>> Invalid direct client application AppId, 426, for 0x7f523f4ed6a0 (nil)
>>> Invalid direct client application AppId, 524, for 0x7f523f4d0e20 (nil)
>>> Invalid direct client application AppId, 936, for 0x7f523f4d0e20 (nil)
>>> Invalid direct client application AppId, 1107, for 0x7f523f4d1490 (nil)
>>> Invalid direct client application AppId, 547, for 0x7f523f4d1490 (nil)
>>> Invalid direct client application AppId, 732, for 0x7f523f4d1150 (nil)
>>> Invalid direct client application AppId, 743, for 0x7f523f4d1150 (nil)
>>> Invalid direct client application AppId, 308, for 0x7f523f4d1150 (nil)
>>> Invalid direct client application AppId, 307, for 0x7f523f4d1150 (nil)
>>> Invalid direct client application AppId, 866, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 776, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 700, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 625, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 626, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 1108, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 624, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 720, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 550, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 546, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 746, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 836, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 777, for 0x7f523f4d19c0 (nil)
>>> Invalid direct client application AppId, 701, for 0x7f523f4eb450 (nil)
>>> Invalid direct client application AppId, 813, for 0x7f523f4d3390 (nil)
>>> Invalid direct client application AppId, 571, for 0x7f523f4d2f50 (nil)
>>> Invalid direct client application AppId, 426, for 0x7f523f4ed610 (nil)
>>>
>>>
>>> Then, when I start Snort in listen mode:
>>>
>>> snort  -c /etc/snort/etc/snort.conf  -i eth2
>>>
>>> I get a segmentation fault:
>>>
>>>
>>>        --== Initialization Complete ==--
>>>
>>>   ,,_     -*> Snort! <*-
>>>  o"  )~   Version 2.9.7.0_beta GRE (Build 109)
>>>   ''''    By Martin Roesch & The Snort Team:
>>> http://www.snort.org/snort/snort-team
>>>           Copyright (C) 2014 Cisco and/or its affiliates. All rights
>>> reserved.
>>>           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>>>           Using libpcap version 1.1.1
>>>           Using PCRE version: 7.8 2008-09-05
>>>           Using ZLIB version: 1.2.3
>>>
>>>           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.2  <Build
>>> 1>
>>>           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
>>>           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
>>>           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
>>>           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
>>>           Preprocessor Object: APPID  Version 1.1  <Build 4>
>>>           Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
>>>           Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
>>>           Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
>>>           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
>>>           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
>>>           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
>>>           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
>>>           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
>>>           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
>>>           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
>>> Commencing packet processing (pid=12527)
>>> Segmentation fault
>>>
>>>
>>>
>>>
>>> What can I do to solve this problem?
>>>
>>> P.S. If there is no traffic on the listen interface, then Snort does not crash.
>>>
>>> Thanks.

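The mismatch resolved in this message (snort.conf naming /usr/local/cisco/apps while the directory created was /usr/local/cisco/app) still passed `snort -T`, so a separate pre-flight check on `app_detector_dir` is worth having. The script below is an added example, not part of the original message or of Snort's own tooling; the function names are hypothetical, and it only checks that the directory exists and is non-empty, not what the detectors contain.

```shell
#!/bin/sh
# Added example (not from the thread): verify the appid preprocessor's
# app_detector_dir before starting Snort. Function names are hypothetical.

# Print the app_detector_dir value configured in the given snort.conf.
appid_detector_dir() {
    awk '
    {
        sub(/\r$/, "")
        # Join lines that end in a backslash continuation.
        if (sub(/\\[ \t]*$/, "")) { buf = buf $0 " "; next }
        line = buf $0; buf = ""
        if (line ~ /^[ \t]*#/) next                       # commented out
        if (line !~ /^[ \t]*preprocessor[ \t]+appid[ \t]*:/) next
        sub(/^[^:]*:/, "", line)                          # keep the option list
        n = split(line, opt, ",")                         # comma-separated options
        for (i = 1; i <= n; i++) {
            m = split(opt[i], w, " ")
            if (m >= 2 && w[1] == "app_detector_dir") { print w[2]; exit }
        }
    }' "$1"
}

# Return 0 if the configured directory exists and is non-empty,
# 1 if it is missing or empty, 2 if no app_detector_dir is configured.
check_appid_dir() {
    dir=$(appid_detector_dir "$1")
    if [ -z "$dir" ]; then
        echo "no app_detector_dir found in $1" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "app_detector_dir $dir does not exist" >&2
        return 1
    fi
    if [ -z "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "app_detector_dir $dir is empty" >&2
        return 1
    fi
    echo "app_detector_dir $dir exists and is non-empty"
}

# Usage: sh check_appid.sh /etc/snort/etc/snort.conf
if [ "$#" -gt 0 ]; then
    check_appid_dir "$1"
fi
```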