[Snort-users] Snort Segfaulting

Martin Roesch roesch at ...1935...
Mon Aug 7 16:58:51 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can you run a gdb backtrace so we can get a look at what's going on?   
Check out the BUGS file for explicit info on getting a backtrace.

      -Marty

On Aug 7, 2006, at 2:52 PM, Eric Hines wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> I am running in to a problem here on a Snort sensor that seems to be
> segfaulting. For some reason this only happens with Snort 3.4. When
> Snort 3.3 is used, the problem does not occur. I've tried (2)  
> different
> Linux distros at this point, both SuSE 9 and CentOS 4 -- the problem
> occurs on both.
>
> Snort does not log any crash details or information to the snort_log.
>
> Has anyone run in to this? Does anyone know what the problem may be
> attributed to?
>
>
> [root at ...274... bin]# /aw/sbin/snort2.4 -i eth0 -c
> /usr/local/appliedwatch/agent/inst/agent.aWGz2T/data/snort/conf/ 
> snort.co
> nf -l /usr/local/appliedwatch/agent/inst/agent.aWGz2T/var/snort/log
>
>
>         --== Initialization Complete ==--
>
>    ,,_     -*> Snort_Inline! <*-
>   o"  )~   Version 2.4.5 (Build 29)
>    ''''    By Martin Roesch & The Snort Team:
> http://www.snort.org/team.html
>            (C) Copyright 1998-2005 Sourcefire Inc., et al.
>            Snort_Inline Mod by William Metcalf, Victor Julien, Nick
> Rogness,
>            Dave Remien, Rob McMillen and Jed Haile
>  NOTE: Snort's default output has changed in version 2.4.1!
>        The default logging mode is now PCAP, use "-K ascii" to  
> activate
>        the old default logging mode.
>
> Segmentation fault
>
>
>
>
> - --
>
> Best Regards,
>
> Eric S. Hines, GCIA, CISSP
> CEO, President, Chairman
> Applied Watch Technologies, LLC
>
>
> - --------------------------------------------------
>
> Eric S. Hines, GCIA, CISSP
> CEO, President, Chairman
> Applied Watch Technologies, LLC
>
> - --------------------------------------------------
>
> Email:   eric.hines at ...8860...
> Address: 1095 Pingree Road
>          Suite 213
>          Crystal Lake, IL
>          60014
> Tel:     (877) 262-7593 ext:327
> Local:   (847) 854-5831
> Fax:     (847) 854-5106
> Web:     http://www.appliedwatch.com
>
> - --------------------------------------------------
> Security Management for the Open Source Enterprise
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.4 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFE14wE1va6QYTV0EMRAuD0AJ4vSEYBUbO/fY3lvf2SEAXg/NmOvgCfYHoa
> VrQ/Mj3C/Q7bdwW5IwX8LU0=
> =//QM
> -----END PGP SIGNATURE-----
> <eric.hines.vcf>
> ---------------------------------------------------------------------- 
> ---
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642______________________________ 
> _________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFE16mLqj0FAQQ3KOARApV2AJ44h6QXE+eaqUVgi5bs66Ly16aEcwCfTKlV
q/qagBA2Xt29cHGKe6KOQJo=
=AZ+t
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list