[Snort-users] snort 1.8.4b1 dumping core

Martin Roesch roesch at ...1935...
Sun Feb 3 21:28:02 EST 2002


Hi Kris,
     Does it core right away or does it take a while?

Can you try enabling DEBUG mode (see the BUGS file) and let it run through
that?  Run snort like this:

Snort [optons] > debug.file

You can also try running Snort from inside gdb and see if you can get better
information on the backtrace from that, something really weird is happening
here.

     -Marty


On 2/3/02 5:36 PM, "Kris Kennaway" <kris at ...1402...> wrote:

> On Sun, Feb 03, 2002 at 09:41:14AM -0500, Martin Roesch wrote:
>> Ok, remove the square brackets around your HOME_NET var, they're
>> unnecessary.
> 
> Actually I removed a 10.0.0.0/8 from there during testing because I
> wanted it to be analyzing more traffic.
> 
>> Other than that I'm not sure why this would be crashing from
>> the info I'm seeing.
> 
> :-(
> 
>> What type of network are you running on (ethernet,
>> t/r, fddi, etc)?
> 
> It's monitoring traffic over a 1.5 MBit DSL.
> 
> Kris
> 

-- 
Martin Roesch - Founder/CEO Sourcefire Inc. - (410) 552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-users mailing list