[Snort-users] Core dumping with more then 1 rule enabled
hoagland at ...47...
Sat Jun 8 15:20:04 EDT 2002
At 10:17 PM +0200 6/7/02, Frank Lewandowski wrote:
>Now am a bit into snort, as well as the docs, a last issue not found a
>help for, is, that i can smoothly start and run snort with actual rule
>set and snort.conf, though, when i enable more than one rule, it dumps.
>All pathes set, Version 1.8.4 (Build 99) on Sparc/Solaris 8 precompiled.
>Command line is
>/opt/snort/bin/snort -c /opt/snort/etc/snort.conf -D
>Any help would be appreciated, i post a summary in the end.
That's pretty weird. Does it dump core promptly when you are
starting up? If so, it could be the Snort parser choking on
something. Look for malformed rules near the first one (be sure to
check the files that are included by snort.conf. As a sanity check,
you can try the snort rules precisely as distributed.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland at ...47..., http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
More information about the Snort-users