[Snort-users] OpenFPC Daemonlogger Segfault Through OpenFPC

John York YorkJ at ...7109...
Tue Aug 26 12:00:44 EDT 2014


+1 on OpenFPC!  I use it on Ubuntu 12.x and it's a great help.
John

From: Joel Esler (jesler) [mailto:jesler at ...589...]
Sent: Tuesday, August 26, 2014 10:18 AM
To: Kevin Ross
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] OpenFPC Daemonlogger Segfault Through OpenFPC

Replacing Leon's email with his correct Cisco one (although he's probably at a conference this week I think)

That being said..

Leon shifted to a new role (even before Cisco) and lost a lot of the time to develop the project, so I am not sure of its current status, but I know he was talking recently about it on this list (I believe).

Thanks for using it Kevin, glad to see people still love it.


On Aug 26, 2014, at 10:09 AM, Kevin Ross <kevross33 at ...14012...> wrote:


Hi,

Sorry I was meaning the openfpc side as not sure if that was still being worked on/supported. Glad to hear daemonlogger getting more done to it. Both openfpc & Daemonlogger do a very nice job for my needs :D

Thanks,
Kevin

On 26 August 2014 12:47, Joel Esler (jesler) <jesler at ...589...> wrote:
Most certainly is supported.  We have future plans for daemonlogger, we just haven't updated the code in a while.

I'll get this over to the developer.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

On Aug 26, 2014, at 5:09 AM, Kevin Ross <kevross33 at ...14012...> wrote:

Hi,

I know this is an older tool which isn't supported but I use it for ease of integration into snorby & also that it stores onto disk and then fetches on request making it better for my sensors as PCAP solutions like moloch are just too resource intensive so I would appreciate any help kindly given (or suggestions for another suitable maintained PCAP option similar in nature).

My systems were updated recently and fine; now following reboot daemonlogger segfaults when run through openfpc so I am not able to get PCAPs. If I run daemonlogger say with just daemonlogger -i eth1 it is fine and logs PCAPs but when using openfpc -a start it says it starts and then in status it is stopped and shows in /var/log/messages as segfault error with same memory location and things for each system:

System 1 Error - kernel: : daemonlogger[23570]: segfault at 0 ip 0000000000402a0a sp 00007fffbc8be100 error 4 in daemonlogger[400000+7000]
System 2 Error - kernel: : daemonlogger[3392]: segfault at 0 ip 0000000000402a0a sp 00007fff0e1e8c90 error 4 in daemonlogger[400000+7000]

Running the queue daemon in debug mode and things is fine and shows nothing but I have no idea how to debug daemonlogger through openfpc. Some other points:

- Daemonlogger Version 1.2.1 (latest version installed)
- Latest openfpc
- System running CentOS 6.4
- SELinux tried relabel, disabled etc.

Thank you for any help in advance.

Kindest Regards,
Kevin Ross
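
Added example, not part of the original thread: a Python sketch that decodes the two kernel segfault lines quoted in the message above. It assumes the standard x86 Linux "segfault at" log layout and page-fault error-code bits; the function names are illustrative.

```python
import re

# Layout of the x86 Linux "segfault at ..." log line (all numbers are hex).
SEGFAULT_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# x86 page-fault error-code bits: (mask, meaning if set, meaning if clear).
ERROR_BITS = [
    (0x1, "protection violation", "page not present"),
    (0x2, "write access", "read access"),
    (0x4, "user mode", "kernel mode"),
]

def decode_segfault(line):
    """Return a dict describing one segfault line, or None if it does not match."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    info = {
        "comm": m["comm"], "pid": int(m["pid"]),
        "fault_addr": addr, "ip": ip,
        "flags": [s if err & mask else c for mask, s, c in ERROR_BITS],
        "near_null": addr < 0x1000,  # first page: NULL or NULL plus a small offset
        "object": m["obj"], "offset": None,
    }
    if m["base"] is not None:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= ip < base + size:  # ip really lies inside the named mapping
            info["offset"] = ip - base
    return info

def same_crash_site(lines):
    """True when every parsed line faults at the same offset in the same object."""
    sites = {(d["object"], d["offset"]) for d in map(decode_segfault, lines) if d}
    return len(sites) == 1

# The two log lines as quoted in the message.
LINES = [
    "System 1 Error - kernel: : daemonlogger[23570]: segfault at 0 ip 0000000000402a0a sp 00007fffbc8be100 error 4 in daemonlogger[400000+7000]",
    "System 2 Error - kernel: : daemonlogger[3392]: segfault at 0 ip 0000000000402a0a sp 00007fff0e1e8c90 error 4 in daemonlogger[400000+7000]",
]

if __name__ == "__main__":
    for d in map(decode_segfault, LINES):
        print(d["comm"], d["pid"], hex(d["offset"]), d["flags"], d["near_null"])
    print("same crash site:", same_crash_site(LINES))
```

Both lines decode to a user-mode read of address 0 at offset 0x2a0a inside the daemonlogger binary, so the two systems crash at the same instruction while reading through a NULL pointer.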