[Snort-users] Snort 2.8.6 on SPARC 64 OpenBSD from Port "bus error"
jesler at ...1935...
Sun Dec 9 21:55:44 EST 2012
There is an openBSD Install doc at the link above.
Senior Research Engineer, VRT
OpenSource Community Manager
On Dec 9, 2012, at 9:51 PM, Kaya Saman <kayasaman at ...11827...> wrote:
> Thanks for the response!
> I tried installing snort 126.96.36.199 with Daq 1.1.1 however, upon running ./configure I got an error saying that libpcap library version >= 1.0.0 not found
> Unfortunately since this seems to be unsupported on OpenBSD RELEASE I couldn't find any documentation on how to get over this hurdle.
> As such I wasn't quite sure what to do?
> On 12/10/2012 02:32 AM, Joel Esler wrote:
>> The first suggestion you'll probably receive from anyone, especially me, will be to upgrade. I know 188.8.131.52 works on OpenBSD, I can't vouch for 2.8.6
>> Joel Esler
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
>> On Dec 9, 2012, at 8:19 PM, Kaya Saman <kayasaman at ...11827...> wrote:
>>> I'm running Snort 2.8.6 on OpenBSD 5.2 sparc64 platform.
>>> My system is being used as a router/gateway/NAT/Firewall with multiple
>>> VLANs, LACP and PPPoE for WAN connectivity.
>>> I'm running this particular version of Snort because it was built
>>> directly from Ports meaning that it is supported (all be it out of date).
>>> (trunk0 is my LACP interface connected to my switch on ports bge2 and bge3)
>>> If I run: snort -i trunk0 -c /etc/snort/snort.conf
>>> or with -i set to any of my vlans I get the error: "bus error core dumped"
>>> Rebuilding with debugging active I have traced the error to this:
>>> cd /usr/ports/net/snort
>>> FLAVOR="mysql flexresp" make clean
>>> FLAVOR="mysql flexresp" make DEBUG=-g repackage reinstall
>>> gdb `which snort`
>>> set args -i trunk0 -c /etc/snort/snort.conf
>>> Program received signal SIGBUS, Bus error.
>>> 0x0000000000149f64 in GetTimestamp (tvp=0x20bed8b3c, tz=0) at
>>> 2657 msec = tvp->tv_usec / 1000;
>>> (gdb) bt full
>>> #0 0x0000000000149f64 in GetTimestamp (tvp=0x20bed8b3c, tz=0) at
>>> lt = (struct tm *) 0x0
>>> buf = 0x209c74660 ""
>>> msec = 74103168
>>> #1 0x000000000016c30c in Database (p=0xffffffffffff76b0,
>>> msg=0x208b39280 "ET P2P Vuze BT UDP Connection (5)", arg=0x20b75f880,
>>> data = (DatabaseData *) 0x20b75f880
>>> query = (SQLQuery *) 0x2046ab980
>>> root = (SQLQuery *) 0x2046ab980
>>> timestamp_string = 0x0
>>> insert_fields = 0x0
>>> insert_values = 0x0
>>> sig_name = 0x0
>>> sig_class = 0x0
>>> ref_system_name = 0x0
>>> ref_node_id_string = 0x0
>>> ref_tag = 0x0
>>> packet_data = 0x0
>>> packet_data_not_escaped = 0x0
>>> select0 = 0x0
>>> select1 = 0x0
>>> insert0 = 0x0
>>> i = 0
>>> insert_fields_len = 0
>>> insert_values_len = 21365344
>>> ok_transaction = 0
>>> ref_system_id = -2113895936
>>> ret = 0
>>> sig_id = 0
>>> ref_id = 0
>>> class_id = 0
>>> class_ptr = (ClassType *) 0x0
>>> refNode = (ReferenceNode *) 0x2033fd3c0
>>> sig_rev = '\0' <repeats 15 times>
>>> sig_sid = '\0' <repeats 15 times>
>>> sig_gid = '\0' <repeats 15 times>
>>> #2 0x000000000014c62c in CallAlertFuncs (p=0xffffffffffff76b0,
>>> message=0x208b39280 "ET P2P Vuze BT UDP Connection (5)", head=0x20e33eb00,
>>> event=0x205cf6d64) at
>>> idx = (OutputFuncNode *) 0x20a284080
>>> #3 0x000000000014d744 in AlertAction (p=0xffffffffffff76b0,
>>> otn=0x205cf6c00, event=0x205cf6d64)
>>> I am no expert at debugging programs and I'm not sure what is going on
>>> other then there seems to be an issue with:
>>> GetTimeStamp in the util.c file
>>> Could anyone offer any assistance to get snort working?
>>> I really would like to use the system as an IDS and already have setup
>>> MySQL and Base, so to get working would be brilliant!
>>> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
>>> Remotely access PCs and mobile devices and provide instant support
>>> Improve your efficiency, and focus on delivering more value-add services
>>> Discover what IT Professionals Know. Rescue delivers
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> Snort-users list archive:
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users