[Snort-users] OpenFPC Daemonlogger Segfault Through OpenFPC

Joel Esler (jesler) jesler at ...589...
Tue Aug 26 10:18:17 EDT 2014

Replacing Leon’s email with his correct Cisco one (although he’s probably at a conference this week I think)

That being said..

Leon shifted to a new role (even before Cisco) and lost a lot of the time to develop the project, so I am not sure of its current status, but I know he was talking recently about it on this list (I believe).

Thanks for using it Kevin, glad to see people still love it.

On Aug 26, 2014, at 10:09 AM, Kevin Ross <kevross33 at ...14012...> wrote:


Sorry I was meaning the openfpc side as not sure if that was still being worked on/supported. Glad to hear daemonlogger getting more done to it. Both openfpc & Daemonlogger do a very nice job for my needs :D


On 26 August 2014 12:47, Joel Esler (jesler) <jesler at ...589...> wrote:
Most certainly is supported. We have future plans for daemonlogger, we just haven’t updated the code in a while.

I’ll get this over to the developer.

Joel Esler
Open Source Manager
Threat Intelligence Team Lead

On Aug 26, 2014, at 5:09 AM, Kevin Ross <kevross33 at ...14012...> wrote:


I know this is an older tool which isn't supported but I use it for ease of integration into snorby & also that it stores onto disk and then fetches on request making it better for my sensors as PCAP solutions like moloch are just too resource intensive so I would appreciate any help kindly given (or suggestions for another suitable maintained PCAP option similar in nature).

My systems were updated recently and fine; now following reboot daemonlogger segfaults when run through openfpc so I am not able to get PCAPs. If I run daemonlogger say with just daemonlogger -i eth1 it is fine and logs PCAPs but when using openfpc -a start it says it starts and then in status it is stopped and shows in /var/log/messages as segfault error with same memory location and things for each system:

System 1 Error - kernel: : daemonlogger[23570]: segfault at 0 ip 0000000000402a0a sp 00007fffbc8be100 error 4 in daemonlogger[400000+7000]
System 2 Error - kernel: : daemonlogger[3392]: segfault at 0 ip 0000000000402a0a sp 00007fff0e1e8c90 error 4 in daemonlogger[400000+7000]

Running the queue daemon in debug mode and things is fine and shows nothing but I have no idea how to debug daemonlogger through openfpc. Some other points:

- Daemonlogger Version 1.2.1 (latest version installed)
- Latest openfpc
- System running CentOS 6.4
- SELinux tried relabel, disabled etc.

Thank you for any help in advance.

Kindest Regards,
Kevin Ross
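Added example (not part of the original thread, and not OpenFPC or daemonlogger code): a Python sketch that decodes the two kernel segfault lines quoted in the report, assuming the standard x86-64 Linux `segfault at ... ip ... error ...` format. The function names and the first-page NULL heuristic are illustrative assumptions.

```python
import re

# The two kernel lines quoted in the post (x86-64 Linux segfault format).
LINES = [
    "kernel: : daemonlogger[23570]: segfault at 0 ip 0000000000402a0a sp 00007fffbc8be100 error 4 in daemonlogger[400000+7000]",
    "kernel: : daemonlogger[3392]: segfault at 0 ip 0000000000402a0a sp 00007fff0e1e8c90 error 4 in daemonlogger[400000+7000]",
]

SEGV = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode(line):
    """Decode one segfault line; returns None if the line does not match."""
    m = SEGV.search(line)
    if m is None:
        return None
    # The kernel prints all of these fields, including the error code, in hex.
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    info = {
        "comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
        # x86 page-fault error code: bit0 present, bit1 write, bit2 user, bit4 fetch
        "access": "write" if err & 2 else ("exec" if err & 16 else "read"),
        "mode": "user" if err & 4 else "kernel",
        "cause": "protection violation" if err & 1 else "page not mapped",
        "null_deref": addr < 4096,  # heuristic: fault inside the first page
        "offset": None,
    }
    if m["base"] is not None:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= ip < base + size:
            info["offset"] = ip - base  # instruction offset within the mapping
    return info

def same_crash_site(lines):
    """True when every parsable line faults at the same offset in the same binary."""
    sites = {(d["comm"], d["offset"], d["fault_addr"]) for d in map(decode, lines) if d}
    return len(sites) == 1

if __name__ == "__main__":
    for line in LINES:
        print(decode(line))
    print("same crash site:", same_crash_site(LINES))
```

Both lines decode to a user-mode read of unmapped address 0 at the same instruction offset, which points to a deterministic NULL pointer read rather than random memory corruption.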