[Snort-users] Snort 1.7 segfaults on FreeBSD 4.1

Per Arne Enstad Per.A.Enstad at ...1111...
Mon Jan 8 16:20:03 EST 2001


I've been running Snort-1.6.3-patch2 on a FreeBSD x86 system since 
October last year, and it has been working completely trouble-free 
during this period. The load on the monitored network is usually in 
excess of 2kpps during peak hours, still apparently without dropping 
packets with my approx. 1100 line ruleset.

I've tried to upgrade to Snort 1.7 but, alas, it crashes (segfault, 
signal 11) within only a couple of hours, leaving a snort.core 
coredump. Nothing has been changed in the ruleset or startup command 
from 1.6.3-patch to 1.7, and downgrading cures the problem.

A few details regarding my system:

O/S:     FreeBSD 4.1-20001017-STABLE
Ruleset: snortfull.conf (12122k)
Startup command:
/usr/local/bin/snort -b -D -o -i dc0 -l /var/log/snort -c 

Plugins used:
- defrag
- http_decode
- minfrag
- portscan

Snort is linked with the MySQL library, but I'm currently not using this plugin (commented out).

To conserve disk space and bandwidth I will not include the corefile in this posting, but all information I can provide is of course available upon request.

- Per Arne Enstad
