[Snort-users] Snort-users Digest, Vol 112, Issue 7

Joel Cornett (jocornet) jocornet at ...589...
Wed Sep 9 11:22:34 EDT 2015


>I tried to run below command against piglet test scripts (I got the test
>scripts on github in /piglet/tests source tree), but suddenly it crashed
>and gave me this result:
>Or am I missing anything here?
>
>
>snort --script-path=/opt/snort3/piglet --piglet
>
>--------------------------------------------------
>
>o")~ Snort++ 3.0.0-a2-168
>
>--------------------------------------------------
>
>--------------------------------------------------
>
>pcap DAQ configured to passive.
>
>=== PIGLET (16 tests)
>
>[0] - ips_action::react - /opt/snort3/piglet/instance/ips_action.lua
>
>Passed
>
>[1] - inspector::telnet - /opt/snort3/piglet/instance/inspector.lua
>
>-- get_buf_from_key C++ exception
>
>-- get_buf_from_id C++ exception
>
>-- clear C++ exception
>
>-- get_buf_from_type C++ exception
>
>-- eval C++ exception
>
>Failed
>
>[2] - logger::alert_csv - /opt/snort3/piglet/instance/logger.lua
>
>-- log C++ exception
>
>-- alert C++ exception
>
>Failed
>
>[3] - search_engine::ac_full -
>/opt/snort3/piglet/instance/search_engine.lua
>
>Passed
>
>[4] - codec::ipv4 - /opt/snort3/piglet/instance/codec.lua
>
>-- decode C++ exception 0.0.0.0<http://0.0.0.0> ->
>0.0.0.0<http://0.0.0.0> Next:0x00 TTL:0 TOS:0x0 ID:0 IpLen:0
>DgmLen:00.0.0.0<http://0.0.0.0> -> 0.0.0.0<http://0.0.0.0> Next:0x00
>TTL:0 TOS:0x0 ID:0 IpLen:0 DgmLen:0
>
>Segmentation fault (core dumped)
>
>
>I would greatly appreciate it if you could give me some feedback on this
>matter.
>
>
>Many thanks!

Hi. Can you run snort through the debugger and provide a backtrace of the
core dump? Also, you can specify individual scripts via `--script-path` to
narrow down which script is triggering the core.

Best,

Joel Cornett, Software Engineer, Cisco





More information about the Snort-users mailing list