[Snort-users] 2.2.0RC1 crash

sekure sekure at ...11827...
Tue Jul 6 06:09:04 EDT 2004


System Architecture: Sparc compiled on Sun V120, ran on Ultra 2, dual
processor, 1GB RAM

Operating System and version:  Sun Solaris 5.8

Version of Snort:  Snort 2.2.0 RC1

What preprocessors you loaded:

preprocessor flow: stats_interval 0 hash 2
preprocessor frag2: timeout 30
preprocessor stream4: disable_evasion_alerts, detect_scans
preprocessor stream4_reassemble
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
    profile apache \
    ports { 80 8080 } \
    no_alerts
preprocessor rpc_decode: 111 32771
preprocessor telnet_decode
preprocessor perfmonitor: time 300 flow events file snort.stats pktcnt 10000

What rules (if any) you were using:
A variety of standard rules, plus some local, but nothing new that
didn't run on 2.1.3.  I just changed the symlink to the binary and
restarted snort, all the configs, rules, etc worked perfectly on 2.1.3

What output plug-ins you loaded:

output log_tcpdump: tcpdump.log
output alert_fast: alert
output log_unified: filename unified.log, limit 128

What command line switches you were using:
snort -dvezoDi qfe0 -c snort.conf -l /some/log/dir

Any Snort error messages:
Jul  2 11:43:47 inet-ids01 snort[13190]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating C1F bytes! (Length:
2E8)

Hope this helps


On Mon, 5 Jul 2004 23:20:06 -0400, Martin Roesch <roesch at ...1935...> wrote:
> Hm.  That message is generated when a malloc fails, sounds like the
> Snort process ran itself out of memory?  Perhaps we have a memory leak
> or some such.  Can you please read the BUGS file and give us a full
> report?
> 
>       -Marty
> 
> 
> 
> On Jul 2, 2004, at 11:53 AM, sekure wrote:
> 
> > I compiled and ran the snort 2.2.0-RC1 binary on Solaris 8, in 32-bit
> > mode.
> >
> > About 5-10 minutes after launching 3 snort processes (i have 3
> > interfaces I am sniffing on), all 3 crash at the exact same time.
> > This happened twice with similar errors....
> >
> > Jul  2 11:43:47 inet-ids01 snort[13190]: [ID 379120 daemon.error]
> > FATAL ERROR: PrintNetData(): Failed allocating C1F bytes! (Length:
> > 2E8)
> > Jul  2 11:43:47 inet-ids01 snort[13170]: [ID 379120 daemon.error]
> > FATAL ERROR: PrintNetData(): Failed allocating 1777 bytes! (Length:
> > 5A8)
> > Jul  2 11:43:47 inet-ids01 snort[13180]: [ID 379120 daemon.error]
> > FATAL ERROR: PrintNetData(): Failed allocating 17B9 bytes! (Length:
> > 5B4)
> >
> > i couldn't find the core files, don't think any were generated.




More information about the Snort-users mailing list