[Snort-users] Re: [Snort-devel] Snort 1.8-RELEASE (Build 43) - Segmentation fault

Fyodor fygrave at ...121...
Sat Nov 3 01:44:01 EST 2001


You can force snort to coredump by sending signal 13 to the pid. Or just attach gdb to snort process at the time when you think it 'goes away' with 'gdb /path/to/snort/binary <pid>' and do examination.


On Fri, Nov 02, 2001 at 09:45:00PM -0500, Martin Roesch wrote:
> Ok, no problem.  We're just about to release Snort 1.8.2 which has
> probably solved your problem at any rate.  Check out the downloads page
> at www.snort.org for more info.
> 
>      -Marty
> 
> Tomi Tuominen wrote:
> > 
> > Hello,
> > 
> > Unfortunately snort does not produce core dump - no matter what settings
> > I have for ulimit. I will upgrade the kernel and see if the problem goes
> > away.
> > 
> > --T
> > 
> > Martin Roesch wrote:
> > 
> > > Ok.  Can you get us a backtrace?  I'd be interested to hear if upgrading
> > > to kernel 2.4.10+ makes the problem go away too, I was reading today
> > > about how the VM in Linux up to 2.4.9 had some serious problems.  If you
> > > could get us a backtrace, that'd be cool, see the BUGS file for how to
> > > generate one.  You should also check out the latest release of Snort at
> > > www.snort.org, check for snort-current.tar.gz on the downloads page.
> > >
> > >      -Marty
> > >
> > > Tomi Tuominen wrote:
> > >
> > >>Hi,
> > >>
> > >>First I was running snort in daemon mode but soon noticed that the
> > >>daemon mysteriously stopped working after some time. This 'some time'
> > >>could be anything from 15 minutes to 2 days. I got suspicious and and
> > >>started running snort without -D switch. This time it took about day and
> > >>a half before snort suddenly segfaulted.
> > >>
> > >>I checked all my logs but the only thing which might have something to
> > >>do with this was that alert log contained multiple 'WEB-IIS cmd.exe
> > >>access' just before segfault.
> 
> --
> Martin Roesch - President, Sourcefire Inc. - (410)552-6999
> roesch at ...1935... - http://www.sourcefire.com  
> Snort: Open Source Network IDS - http://www.snort.org
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list