[Snort-users] Snort 2.8.6 on SPARC 64 OpenBSD from Port "bus error"

Joel Esler jesler at ...1935...
Sun Dec 9 21:32:21 EST 2012


The first suggestion you'll probably receive from anyone, especially me, will be to upgrade.  I know 2.9.4.0 works on OpenBSD; I can't vouch for 2.8.6.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Dec 9, 2012, at 8:19 PM, Kaya Saman <kayasaman at ...11827...> wrote:

> Hi,
> 
> I'm running Snort 2.8.6 on OpenBSD 5.2 sparc64 platform.
> 
> My system is being used as a router/gateway/NAT/Firewall with multiple 
> VLANs, LACP and PPPoE for WAN connectivity.
> 
> I'm running this particular version of Snort because it was built 
> directly from Ports, meaning that it is supported (albeit out of date).
> 
> (trunk0 is my LACP interface connected to my switch on ports bge2 and bge3)
> 
> If I run: snort -i trunk0 -c /etc/snort/snort.conf
> 
> or with -i set to any of my vlans I get the error: "bus error core dumped"
> 
> 
> Rebuilding with debugging active I have traced the error to this:
> 
> 
> cd /usr/ports/net/snort
> FLAVOR="mysql flexresp" make clean
> FLAVOR="mysql flexresp" make DEBUG=-g repackage reinstall
> gdb `which snort`
> set args -i trunk0 -c /etc/snort/snort.conf
> run
> 
> 
> Program received signal SIGBUS, Bus error.
> 0x0000000000149f64 in GetTimestamp (tvp=0x20bed8b3c, tz=0) at
> /usr/ports/pobj/snort-2.8.6-mysql-flexresp/snort-2.8.6/src/util.c:2657
> 2657        msec = tvp->tv_usec / 1000;
> 
> 
> 
> (gdb) bt full
> #0  0x0000000000149f64 in GetTimestamp (tvp=0x20bed8b3c, tz=0) at
> /usr/ports/pobj/snort-2.8.6-mysql-flexresp/snort-2.8.6/src/util.c:2657
>          lt = (struct tm *) 0x0
>          buf = 0x209c74660 ""
>          msec = 74103168
> #1  0x000000000016c30c in Database (p=0xffffffffffff76b0,
> msg=0x208b39280 "ET P2P Vuze BT UDP Connection (5)", arg=0x20b75f880,
> event=0x205cf6d64)
>      at
> /usr/ports/pobj/snort-2.8.6-mysql-flexresp/snort-2.8.6/src/output-plugins/spo_database.c:1145
>          data = (DatabaseData *) 0x20b75f880
>          query = (SQLQuery *) 0x2046ab980
>          root = (SQLQuery *) 0x2046ab980
>          timestamp_string = 0x0
>          insert_fields = 0x0
>          insert_values = 0x0
>          sig_name = 0x0
>          sig_class = 0x0
>          ref_system_name = 0x0
>          ref_node_id_string = 0x0
>          ref_tag = 0x0
>          packet_data = 0x0
>          packet_data_not_escaped = 0x0
>          select0 = 0x0
>          select1 = 0x0
>          insert0 = 0x0
>          i = 0
>          insert_fields_len = 0
>          insert_values_len = 21365344
>          ok_transaction = 0
>          ref_system_id = -2113895936
>          ret = 0
>          sig_id = 0
>          ref_id = 0
>          class_id = 0
>          class_ptr = (ClassType *) 0x0
>          refNode = (ReferenceNode *) 0x2033fd3c0
>          sig_rev = '\0' <repeats 15 times>
>          sig_sid = '\0' <repeats 15 times>
>          sig_gid = '\0' <repeats 15 times>
> #2  0x000000000014c62c in CallAlertFuncs (p=0xffffffffffff76b0,
> message=0x208b39280 "ET P2P Vuze BT UDP Connection (5)", head=0x20e33eb00,
>      event=0x205cf6d64) at
> /usr/ports/pobj/snort-2.8.6-mysql-flexresp/snort-2.8.6/src/detect.c:441
>          idx = (OutputFuncNode *) 0x20a284080
> #3  0x000000000014d744 in AlertAction (p=0xffffffffffff76b0,
> otn=0x205cf6c00, event=0x205cf6d64)
> 
> 
> 
> I am no expert at debugging programs and I'm not sure what is going on 
> other than there seems to be an issue with:
> 
> GetTimeStamp in the util.c file
> 
> 
> 
> Could anyone offer any assistance to get snort working?
> 
> 
> I really would like to use the system as an IDS and already have set up 
> MySQL and Base, so to get it working would be brilliant!
> 
> 
> Regards,
> 
> 
> Kaya
> 

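One possible reading of the backtrace above, as an added example that is not part of the original thread or of Snort's source: sparc64 raises SIGBUS on misaligned loads, and the `tvp` value in frame #0 (`0x20bed8b3c`) is 4-byte aligned but not 8-byte aligned. The code assumes misalignment is the cause and a timeval with two 8-byte fields; `struct tv64` and the helper names are hypothetical, and the sample timestamp is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a timeval with two 8-byte fields (assumption). */
struct tv64 { int64_t tv_sec; int64_t tv_usec; };

/* Nonzero when addr is not a multiple of align (align is a power of two). */
static int is_misaligned(uint64_t addr, uint64_t align)
{
    return (addr & (align - 1)) != 0;
}

/* Alignment-safe read: copy the bytes into an aligned local instead of
 * dereferencing a cast pointer, then compute milliseconds as util.c:2657 does. */
static int64_t msec_from_unaligned(const unsigned char *raw)
{
    struct tv64 tv;
    memcpy(&tv, raw, sizeof tv);
    return tv.tv_usec / 1000;
}

/* Places a constructed timestamp at a 4-mod-8 offset, like the tvp in the
 * backtrace, and reads it back through the safe path. */
static int64_t demo_unaligned_read(void)
{
    uint64_t storage[4];                        /* 8-byte aligned backing store */
    unsigned char *buf = (unsigned char *)storage;
    struct tv64 src = { 1355106741, 987654 };   /* constructed sample values */
    memcpy(buf + 4, &src, sizeof src);
    return msec_from_unaligned(buf + 4);
}

int main(void)
{
    uint64_t tvp = 0x20bed8b3cULL;              /* tvp from frame #0 */
    uint64_t field = tvp + offsetof(struct tv64, tv_usec);
    printf("tvp %#llx: misaligned for 4 bytes=%d, for 8 bytes=%d\n",
           (unsigned long long)tvp, is_misaligned(tvp, 4), is_misaligned(tvp, 8));
    printf("tv_usec at %#llx: misaligned for 8 bytes=%d\n",
           (unsigned long long)field, is_misaligned(field, 8));
    printf("safe read gives msec=%lld\n", (long long)demo_unaligned_read());
    return 0;
}
```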