[Snort-users] OpenFPC Daemonlogger Segfault Through OpenFPC

Kevin Ross kevross33 at ...14012...
Tue Aug 26 10:09:20 EDT 2014


Hi,

Sorry, I meant the openfpc side, as I was not sure if that was still being
worked on/supported. Glad to hear daemonlogger is getting more done to it.
Both openfpc & Daemonlogger do a very nice job for my needs :D

Thanks,
Kevin


On 26 August 2014 12:47, Joel Esler (jesler) <jesler at ...589...> wrote:

>  Most certainly *is* supported.  We have future plans for daemonlogger,
> we just haven’t updated the code in a while.
>
>  I’ll get this over to the developer.
>
>  --
> *Joel Esler*
> Open Source Manager
> Threat Intelligence Team Lead
> Talos
>
>   On Aug 26, 2014, at 5:09 AM, Kevin Ross <kevross33 at ...14012...>
> wrote:
>
>  Hi,
>
> I know this is an older tool which isn't supported but I use it for ease
> of integration into snorby & also that it stores onto disk and then fetches
> on request making it better for my sensors as PCAP solutions like moloch
> are just too resource intensive so I would appreciate any help kindly given
> (or suggestions for another suitable maintained PCAP option similar in
> nature).
>
> My systems were updated recently and fine; now following reboot
> daemonlogger segfaults when run through openfpc so I am not able to get
> PCAPs. If I run daemonlogger say with just daemonlogger -i eth1 it is fine
> and logs PCAPs but when using openfpc -a start it says it starts and then
> in status it is stopped and shows in /var/log/messages as segfault error
> with same memory location and things for each system:
>
> System 1 Error - kernel: : daemonlogger[23570]: segfault at 0 ip
> 0000000000402a0a sp 00007fffbc8be100 error 4 in daemonlogger[400000+7000]
> System 2 Error - kernel: : daemonlogger[3392]: segfault at 0 ip
> 0000000000402a0a sp 00007fff0e1e8c90 error 4 in daemonlogger[400000+7000]
>
> Running the queue daemon in debug mode and things is fine and shows
> nothing but I have no idea how to debug daemonlogger through openfpc. Some
> other points:
>
> - Daemonlogger Version 1.2.1 (latest version installed)
> - Latest openfpc
> - System running CentOS 6.4
> - SELINUX tried relabel, disabled etc.
>
> Thank you for any help in advance.
>
> Kindest Regards,
> Kevin Ross
>
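A decoder for the kernel segfault lines quoted in the message above, added here as an illustration and not part of the original thread or of daemonlogger/openfpc. The two sample lines are the ones from the message, joined onto one line each; the function names are hypothetical.

```python
import re

# Layout of the x86 kernel "segfault at" message quoted in the thread.
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# The two lines from the message, each joined back onto a single line.
SAMPLE = [
    "kernel: : daemonlogger[23570]: segfault at 0 ip 0000000000402a0a "
    "sp 00007fffbc8be100 error 4 in daemonlogger[400000+7000]",
    "kernel: : daemonlogger[3392]: segfault at 0 ip 0000000000402a0a "
    "sp 00007fff0e1e8c90 error 4 in daemonlogger[400000+7000]",
]

def decode_segfault(line):
    """Return a dict describing one segfault line, or None if it does not match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    err = int(m["err"], 16)          # x86 page-fault error code, printed in hex
    ip = int(m["ip"], 16)
    addr = int(m["addr"], 16)
    return {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": addr,
        "null_deref": addr < 0x1000,  # fault address in the first page (NULL + small offset)
        "cause": "protection violation" if err & 0x1 else "page not present",
        "access": "instruction fetch" if err & 0x10
                  else ("write" if err & 0x2 else "read"),
        "mode": "user" if err & 0x4 else "kernel",
        "object": m["obj"],
        # Offset of the faulting instruction inside the mapped object, if given.
        "offset": ip - int(m["base"], 16) if m["base"] else None,
    }

def crash_sites(lines):
    """Set of (object, offset, access, null_deref) over all matching lines."""
    decoded = [d for d in map(decode_segfault, lines) if d]
    return {(d["object"], d["offset"], d["access"], d["null_deref"]) for d in decoded}

if __name__ == "__main__":
    for site in crash_sites(SAMPLE):
        print("%s+0x%x %s null_deref=%s" % site)
```

Both systems decode to the same site: a user-mode read of address 0 at offset 0x2a0a inside daemonlogger, which is the detail worth passing to the developer along with the openfpc command line that triggers it.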