[Snort-users] Snort 2.8.6 on SPARC 64 OpenBSD from Port "bus error"

Kaya Saman kayasaman at ...11827...
Sun Dec 9 22:00:01 EST 2012


Many thanks.

Let's just see if it works on my platform now without segfaulting like 
before??

Regards,

Kaya

On 12/10/2012 02:55 AM, Joel Esler wrote:
> http://www.snort.org/docs
>
> There is an openBSD Install doc at the link above.
>
> --
> *Joel Esler*
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
> On Dec 9, 2012, at 9:51 PM, Kaya Saman <kayasaman at ...11827...> wrote:
>
>> Thanks for the response!
>>
>> I tried installing snort 2.9.3.1 with Daq 1.1.1 however, upon running 
>> ./configure I got an error saying that libpcap library version >= 
>> 1.0.0  not found
>>
>> Unfortunately since this seems to be unsupported on OpenBSD RELEASE I 
>> couldn't find any documentation on how to get over this hurdle.
>>
>> As such I wasn't quite sure what to do?
>>
>>
>> Regards,
>>
>> Kaya
>>
>>
>> On 12/10/2012 02:32 AM, Joel Esler wrote:
>>> The first suggestion you'll probably receive from anyone, especially 
>>> me, will be to upgrade.  I know 2.9.4.0 works on OpenBSD, I can't 
>>> vouch for 2.8.6
>>>
>>> --
>>> *Joel Esler*
>>> Senior Research Engineer, VRT
>>> OpenSource Community Manager
>>> Sourcefire
>>>
>>> On Dec 9, 2012, at 8:19 PM, Kaya Saman <kayasaman at ...11827...> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm running Snort 2.8.6 on OpenBSD 5.2 sparc64 platform.
>>>>
>>>> My system is being used as a router/gateway/NAT/Firewall with multiple
>>>> VLANs, LACP and PPPoE for WAN connectivity.
>>>>
>>>> I'm running this particular version of Snort because it was built
>>>> directly from Ports meaning that it is supported (albeit out of 
>>>> date).
>>>>
>>>> (trunk0 is my LACP interface connected to my switch on ports bge2 
>>>> and bge3)
>>>>
>>>> If I run: snort -i trunk0 -c /etc/snort/snort.conf
>>>>
>>>> or with -i set to any of my vlans I get the error: "bus error core 
>>>> dumped"
>>>>
>>>>
>>>> Rebuilding with debugging active I have traced the error to this:
>>>>
>>>>
>>>> cd /usr/ports/net/snort
>>>> FLAVOR="mysql flexresp" make clean
>>>> FLAVOR="mysql flexresp" make DEBUG=-g repackage reinstall
>>>> gdb `which snort`
>>>> set args -i trunk0 -c /etc/snort/snort.conf
>>>> run
>>>>
>>>>
>>>> Program received signal SIGBUS, Bus error.
>>>> 0x0000000000149f64 in GetTimestamp (tvp=0x20bed8b3c, tz=0) at
>>>> /usr/ports/pobj/snort-2.8.6-mysql-flexresp/snort-2.8.6/src/util.c:2657
>>>> 2657        msec = tvp->tv_usec / 1000;
>>>>
>>>>
>>>>
>>>> (gdb) bt full
>>>> #0  0x0000000000149f64 in GetTimestamp (tvp=0x20bed8b3c, tz=0) at
>>>> /usr/ports/pobj/snort-2.8.6-mysql-flexresp/snort-2.8.6/src/util.c:2657
>>>>          lt = (struct tm *) 0x0
>>>>          buf = 0x209c74660 ""
>>>>          msec = 74103168
>>>> #1  0x000000000016c30c in Database (p=0xffffffffffff76b0,
>>>> msg=0x208b39280 "ET P2P Vuze BT UDP Connection (5)", arg=0x20b75f880,
>>>> event=0x205cf6d64)
>>>>      at
>>>> /usr/ports/pobj/snort-2.8.6-mysql-flexresp/snort-2.8.6/src/output-plugins/spo_database.c:1145
>>>>          data = (DatabaseData *) 0x20b75f880
>>>>          query = (SQLQuery *) 0x2046ab980
>>>>          root = (SQLQuery *) 0x2046ab980
>>>>          timestamp_string = 0x0
>>>>          insert_fields = 0x0
>>>>          insert_values = 0x0
>>>>          sig_name = 0x0
>>>>          sig_class = 0x0
>>>>          ref_system_name = 0x0
>>>>          ref_node_id_string = 0x0
>>>>          ref_tag = 0x0
>>>>          packet_data = 0x0
>>>>          packet_data_not_escaped = 0x0
>>>>          select0 = 0x0
>>>>          select1 = 0x0
>>>>          insert0 = 0x0
>>>>          i = 0
>>>>          insert_fields_len = 0
>>>>          insert_values_len = 21365344
>>>>          ok_transaction = 0
>>>>          ref_system_id = -2113895936
>>>>          ret = 0
>>>>          sig_id = 0
>>>>          ref_id = 0
>>>>          class_id = 0
>>>>          class_ptr = (ClassType *) 0x0
>>>>          refNode = (ReferenceNode *) 0x2033fd3c0
>>>>          sig_rev = '\0' <repeats 15 times>
>>>>          sig_sid = '\0' <repeats 15 times>
>>>>          sig_gid = '\0' <repeats 15 times>
>>>> #2  0x000000000014c62c in CallAlertFuncs (p=0xffffffffffff76b0,
>>>> message=0x208b39280 "ET P2P Vuze BT UDP Connection (5)", 
>>>> head=0x20e33eb00,
>>>>      event=0x205cf6d64) at
>>>> /usr/ports/pobj/snort-2.8.6-mysql-flexresp/snort-2.8.6/src/detect.c:441
>>>>          idx = (OutputFuncNode *) 0x20a284080
>>>> #3  0x000000000014d744 in AlertAction (p=0xffffffffffff76b0,
>>>> otn=0x205cf6c00, event=0x205cf6d64)
>>>>
>>>>
>>>>
>>>> I am no expert at debugging programs and I'm not sure what is going on
>>>> other than there seems to be an issue with:
>>>>
>>>> GetTimeStamp in the util.c file
>>>>
>>>>
>>>>
>>>> Could anyone offer any assistance to get snort working?
>>>>
>>>>
>>>> I really would like to use the system as an IDS and already have set up
>>>> MySQL and Base, so to get working would be brilliant!
>>>>
>>>>
>>>> Regards,
>>>>
>>>>
>>>> Kaya
>>>>
>>>
>>
>
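
Added example, not part of the original thread and not Snort code: in frame #0 of the backtrace, tvp=0x20bed8b3c is a multiple of 4 but not of 8, and SPARC CPUs raise SIGBUS on a misaligned load. The sketch below checks that address and shows an alignment-safe way to read the millisecond field, assuming (the thread does not confirm this) that the faulting access at util.c:2657 is an 8-byte load of tv_usec; the helper names is_aligned and timestamp_msec are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>

/* Nonzero when addr is a multiple of align (align must be a power of two). */
static int is_aligned(uint64_t addr, uint64_t align)
{
    return (addr & (align - 1)) == 0;
}

/*
 * Millisecond part of a timestamp stored at p, where p may have any
 * alignment (for example, inside a capture buffer). memcpy() reads
 * bytes, so it cannot fault the way a direct tvp->tv_usec load can on
 * a strict-alignment CPU.
 */
static long timestamp_msec(const void *p)
{
    struct timeval tv;

    memcpy(&tv, p, sizeof tv);
    return (long)(tv.tv_usec / 1000);
}

int main(void)
{
    /* Address taken from frame #0 of the backtrace in the thread. */
    const uint64_t tvp = 0x20bed8b3cULL;
    /* Constructed sample: a timeval placed 1 byte into a buffer. */
    unsigned char buf[1 + sizeof(struct timeval)] = {0};
    struct timeval sample = { .tv_sec = 1355108401, .tv_usec = 123456 };

    memcpy(buf + 1, &sample, sizeof sample);
    printf("tvp 4-byte aligned: %d\n", is_aligned(tvp, 4));
    printf("tvp 8-byte aligned: %d\n", is_aligned(tvp, 8));
    printf("msec from unaligned copy: %ld\n", timestamp_msec(buf + 1));
    return 0;
}
```

On x86 the direct dereference usually succeeds, which is why a defect of this kind tends to surface only on strict-alignment platforms such as sparc64.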
