[Snort-users] OpenFPC Daemonlogger Segfault Through OpenFPC
Marty Roesch (maroesch)
maroesch at ...589...
Tue Aug 26 10:36:09 EDT 2014
What’s the command line that’s being fed to DaemonLogger? That’d probably be the first place to start looking. That’s a pretty weird error, is there a core dump?
Martin Roesch - maroesch at ...589...
VP/Chief Architect, Security Business Group
Sourcefire, now a part of Cisco
From: Kevin Ross <kevross33 at ...14012...>
Date: Tuesday, August 26, 2014 at 5:09 AM
To: leon.ward at ...1935..., snort-users at lists.sourceforge.net
Subject: [Snort-users] OpenFPC Daemonlogger Segfault Through OpenFPC
I know this is an older tool which isn't supported, but I use it for ease of integration into Snorby and also because it stores onto disk and then fetches on request, making it better for my sensors, as PCAP solutions like Moloch are just too resource intensive, so I would appreciate any help kindly given (or suggestions for another suitable, maintained PCAP option similar in nature).
My systems were updated recently and were fine; now, following a reboot, daemonlogger segfaults when run through openfpc, so I am not able to get PCAPs. If I run daemonlogger with, say, just daemonlogger -i eth1, it is fine and logs PCAPs, but when using openfpc -a start it says it starts, and then in status it is stopped, and /var/log/messages shows a segfault error with the same memory location and things for each system:
System 1 Error - kernel: : daemonlogger: segfault at 0 ip 0000000000402a0a sp 00007fffbc8be100 error 4 in daemonlogger[400000+7000]
System 2 Error - kernel: : daemonlogger: segfault at 0 ip 0000000000402a0a sp 00007fff0e1e8c90 error 4 in daemonlogger[400000+7000]
Running the queue daemon in debug mode and things is fine and shows nothing, but I have no idea how to debug daemonlogger through openfpc. Some other points:
- Daemonlogger version 1.2.1 (latest version installed)
- Latest openfpc
- System running CentOS 6.4
- SELinux: tried relabel, disabled, etc.
Thank you for any help in advance.