[Snort-openappid] Segfault while testing appid preprocessor

Costas Kleopa (ckleopa) ckleopa at ...5...
Thu Oct 15 13:53:10 EDT 2015


Your app stats path file seems to be miss configred. Could you send us the snort.conf you are using and also make sure that those paths do exist?

> On Oct 15, 2015, at 1:07 PM, Valerio <click.grank at ...8...> wrote:
> 
> Hi all,
> 
> I'am trying to test appid preprocesso on snort 2.9.7.6. But when I run snort I get a segmentation fault, please find in what follows the gdb stack trace of snort -c snort.conf -l /tmp (conf file in attachment):
> 
> [...]
>     AppInfo read from /usr/local/etc/appid/odp/appMapping.data
> Loading configuration file /usr/local/etc/appid/odp/appid.conf
> AppId: adding appIds to list of referred web apps: 2032 1520 1306 1307 1308 1310 1311 1312 1313 1314 1315 1316 137 1318 1319 1336 1337 1362 1372 1373 1424 1425 1457 1491 1619 1656 1659 1720 1721 1722 1723 1724 1725 1726 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1750 1751 1752 1776 1778 1804 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1869 1873 1874 1875 1876 1877 1878 1879 1881 1882 1883 1884 1885 1886 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1903 1904 1905 1906 1907 1908 1909 1910 1912 1913 1919 1920 1921 1923 1924 1925 1926 1928 1929 1930 1931 1933 1934 1935 1936 1937 1938 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1953 1955 1956 1957 1958 1959 1960 
> AppId: adding appIds to list of referred web apps: 1963 1963 1964 1966 1969 1970 1972 1973 1975 1976 1977 1978 1979 1980 1981 1983 1984 1985 1986 1987 629 882 711 1393 1727 1728 1821 1992 1993 1806 1822 2022 2021 2129 2131 1460 1369 1392 2057 2062 1560 665 1458 929 761 2151 2157 2158 2159 2162 2019 2072 1508 1063 2261 2664 2690 3873 3867 
> Could not read configuration file /usr/local/etc/appid/custom/userappid.conf
> LuaJIT: Version LuaJIT 2.0.4
>     Setting tracker size to 207
> AppInfo: AppId 151 is UNKNOWN
> AppInfo: AppId 3861 is UNKNOWN
> AppInfo: AppId 3970 is UNKNOWN
> AppInfo: AppId 939 is UNKNOWN
> AppInfo: AppId 939 is UNKNOWN
> AppInfo: AppId 1697 is UNKNOWN
> AppInfo: AppId 3971 is UNKNOWN
> AppInfo: AppId 3971 is UNKNOWN
> 
> 
> 
> Program received signal SIGSEGV, Segmentation fault.
> strlen () at ../sysdeps/x86_64/strlen.S:106
> 106    ../sysdeps/x86_64/strlen.S: No such file or directory.
> (gdb) bt
> #0  strlen () at ../sysdeps/x86_64/strlen.S:106
> #1  0x00007ffff277abd1 in appIdStatsInit (appFileName=0x7ffff2a9e9d0 <config+16> "appstats-u2.log", statsPeriod=60, rolloverSize=20971520, 
>     rolloverPeriod=86400) at appIdStats.c:264
> #2  0x00007ffff27700ca in AppIdCommonInit (memcap=268435456) at commonAppMatcher.c:297
> #3  0x00007ffff27793b8 in AppIdInit (sc=0x15e7650, 
>     args=0x1687470 "app_detector_dir /usr/local/etc/appid, app_stats_filename appstats-u2.log, app_stats_period 60") at spp_appid.c:157
> #4  0x000000000042053e in ConfigurePreprocessors (sc=0x15e7650, configure_dynamic=configure_dynamic at ...99...=1) at parser.c:2111
> #5  0x0000000000434aa8 in SnortInit (argv=0x7fffffffe338, argc=6) at snort.c:5197
> #6  SnortMain (argc=6, argv=0x7fffffffe338) at snort.c:857
> #7  0x00007ffff59ffb45 in __libc_start_main (main=0x405810 <main>, argc=6, argv=0x7fffffffe338, init=<optimized out>, fini=<optimized out>, 
>     rtld_fini=<optimized out>, stack_end=0x7fffffffe328) at libc-start.c:287
> #8  0x000000000040584b in _start ()
> (gdb) 
> 
> any ideas on how to solve this issue?
> 
> many thanks in advance,
> Valerio
> 
> <snort.conf>------------------------------------------------------------------------------
> _______________________________________________
> Snort-openappid mailing list
> Snort-openappid at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-openappid
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!





More information about the Snort-openappid mailing list