[Snort-users] OpenFPC Daemonlogger Segfault Through OpenFPC

Kevin Ross kevross33 at ...14012...
Tue Aug 26 05:09:37 EDT 2014


Hi,

I know this is an older tool which isn't supported but I use it for ease of
integration into snorby & also that it stores onto disk and then fetches on
request making it better for my sensors as PCAP solutions like moloch are
just too resource intensive so I would appreciate any help kindly given (or
suggestions for another suitable maintained PCAP option similar in nature).

My systems were updated recently and fine; now following reboot
daemonlogger segfaults when run through openfpc so I am not able to get
PCAPs. If I run daemonlogger say with just daemonlogger -i eth1 it is fine
and logs PCAPs but when using openfpc -a start it says it starts and then
in status it is stopped and shows in /var/log/messages as segfault error
with same memory location and things for each system:

System 1 Error - kernel: : daemonlogger[23570]: segfault at 0 ip
0000000000402a0a sp 00007fffbc8be100 error 4 in daemonlogger[400000+7000]
System 2 Error - kernel: : daemonlogger[3392]: segfault at 0 ip
0000000000402a0a sp 00007fff0e1e8c90 error 4 in daemonlogger[400000+7000]

Running the queue daemon in debug mode and things is fine and shows nothing
but I have no idea how to debug daemonlogger through openfpc. Some other
points:

- Daemonlogger Version1.2.1 (latest version installed)
- Latest openfpc
- System running Centos 6.4
- SELINUX tried relabel, disabled etc.

Thank you for any help in advance.

Kindest Regards,
Kevin Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140826/ac718849/attachment.html>


More information about the Snort-users mailing list