[Snort-users] SEGV fault with Solaris 9/Snort 2.6.0RC1

Steven Sturges steve.sturges at ...1935...
Wed May 10 14:44:14 EDT 2006


Thanks for the update Jonathan...

We'll update the database plugin to use a post PcapOpen
function for that section of code.

Cheers.
-steve

Miner, Jonathan W (CSC) (US SSA) wrote:
> I have found a work-around to the problem....
> 
> It turns out that unless I specify the interface name on the command line, pv.interface was being set to 0x0, ie the NULL pointer. This in turned caused 
> escapedInterfaceName to also be set to NULL.
> 
> When I specify "-i hme0" on the command line, then pv.interface gets set, and everyone downstream is happy; snort starts up, and alerts are getting logged to the database.
> 
> 
> 
> -----Original Message-----
> From:	Justin Heath [mailto:jheath at ...1935...]
> Sent:	Tue 04/25/2006 10:44 AM
> To:	snort-users at lists.sourceforge.net
> Cc:	Miner, Jonathan W (CSC) (US SSA); snort-beta at ...1935...
> Subject:	Re: [Snort-users] SEGV fault with Solaris 9/Snort 2.6.0RC1
> 
> 2.6 requires a schema change so you will need to update that if you have not 
> done so already. If you still see the issue after updating the schema add 
> --enable-debug to your configure arguments and send in the stack trace.
> 
> 
> Thanks,
> Justin Heath
> 
> On Tuesday 25 April 2006 09:41, Miner, Jonathan W (CSC) (US SSA) wrote:
> 
>>Hi -
>>
>>I'm just starting to test version 2.6.0RC, and I'm getting a SEGV when
>>trying to parse the "output directive" in my snort.conf file.
>>
>>/var/adm/messages:
>>
>>Apr 24 16:14:43 outcast snort[11235]: [ID 702911 daemon.notice] ***
>>Apr 24 16:14:43 outcast snort[11235]: [ID 702911 daemon.notice] *** Snort
>>caught a SEGV exception, shutting down. Apr 24 16:14:43 outcast
>>snort[11235]: [ID 702911 daemon.notice] *** SEGV caught while parsing
>>'../rules/snort.conf' at line 684.
>>
>>Output from `cat -n snort.conf`:
>>
>>     1  #--------------------------------------------------
>>     2  #   http://www.snort.org     Snort current Ruleset
>>     3  #     Contact: snort-sigs at lists.sourceforge.net
>>     4  #--------------------------------------------------
>>     5  # $Id: snort.conf,v 1.165 2006/03/15 18:56:59 ssturges Exp $
>>.
>>.
>>.
>>   679  # database: log to a variety of databases
>>   680  # ---------------------------------------
>>   681  # See the README.database file for more information about
>>configuring 682  # and using this plugin.
>>   683  #
>>   684  output database: log, mysql, user=snort password=AbCdE at ...13779...
>>dbname=snort host=localhost 685  # output database: alert, postgresql,
>>user=snort dbname=snort
>>
>>This is exact same syntax I've used with version 2.4.3, and I'm using the
>>snort.conf file that came with the 2.6.0RC1 tar file.  Changing the
>>password to something invalid still results in the SEGV.
>>
>>What am I missing?
>>
>>
>>-------------------------------------------------------
>>Using Tomcat but need to do more? Need to support web services, security?
>>Get stuff done quickly with pre-integrated technology to make your job
>>easier Download IBM WebSphere Application Server v.1.0.1 based on Apache
>>Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
>>_______________________________________________
>>Snort-users mailing list
>>Snort-users at lists.sourceforge.net
>>Go to this URL to change user options or unsubscribe:
>>https://lists.sourceforge.net/lists/listinfo/snort-users
>>Snort-users list archive:
>>http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
> 
> 





More information about the Snort-users mailing list