Snort mailing list archives
Re: Snort Dumps....
From: "George D. Nincehelser" <george () ccitriad net>
Date: Mon, 06 Aug 2001 18:04:43 -0500
I've been having the same problem on a similar Linux setup. (Redhat 7.1, Pentium II, 400 MHz) Originally I tried the RPM. It dumped too often. Fyodor suggested I try the source instead. I compiled 1.8p1. That worked well from yesterday afternoon, but then started dumping this morning. I think it may be load related. I'm now trying the recently announced new beta (1.8.1 beta 6) with my fingers crossed. George ----- Original Message ----- From: <JSeddon () semtech com> To: <snort-users () lists sourceforge net> Sent: Monday, August 06, 2001 4:22 PM Subject: [Snort-users] Snort Dumps....
This is the first time I've used used this list to troubleshoot a core
dump
so point me right if I'm screwing it up. I'm running snort1.8 on a RedHat7.1 box. Snort runs great for anywhere from 1-5 hours but never longer. Then it dumps a core. I've followed the FAQ procedure and here's the gdb output. Is there anything else I can forward that will help us figure this out? James GNU gdb 5.0rh-5 Red Hat Linux 7.1 Copyright 2001 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux"... Core was generated by `snort -c /etc/snort/snort.conf -d -D -o -h 204.216.171.0/24'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/i686/libm.so.6...done. Loaded symbols for /lib/i686/libm.so.6 Reading symbols from /lib/libnsl.so.1...done. Loaded symbols for /lib/libnsl.so.1 Reading symbols from /usr/lib/libssl.so.1...done. Loaded symbols for /usr/lib/libssl.so.1 Reading symbols from /usr/lib/libcrypto.so.1...done. Loaded symbols for /usr/lib/libcrypto.so.1 Reading symbols from /lib/i686/libc.so.6...done. Loaded symbols for /lib/i686/libc.so.6 Reading symbols from /lib/libdl.so.2...done. Loaded symbols for /lib/libdl.so.2 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /lib/libnss_files.so.2...done. Loaded symbols for /lib/libnss_files.so.2 Reading symbols from /lib/libnss_nisplus.so.2...done. Loaded symbols for /lib/libnss_nisplus.so.2 #0 0x08052981 in mSearch ( buf=0x402b02db "MC_COOKIETEST=YES\r\n\r\nC_IN min 12v <> load_I_min", blen=65510, ptrn=0x8465f90 ".ewl", plen=4, skip=0x8465fa0, shift=0x84663a8) at mstring.c:506 ---Type <return> to continue, or q <return> to quit--- 506 } (gdb) where #0 0x08052981 in mSearch ( buf=0x402b02db "MC_COOKIETEST=YES\r\n\r\nC_IN min 12v <> load_I_min", blen=65510, ptrn=0x8465f90 ".ewl", plen=4, skip=0x8465fa0, shift=0x84663a8) at mstring.c:506 #1 0x08058c06 in CheckUriPatternMatch (p=0xbffff290, otn_idx=0x84654b0, fp_list=0x84663c0) at sp_pattern_match.c:873 #2 0x0805614f in EvalOpts (List=0x81196f0, p=0xbffff290) at rules.c:4026 #3 0x08055e89 in EvalHeader (rtn_idx=0x80fa3e8, p=0xbffff290) at rules.c:3745 #4 0x08055e14 in EvalPacket (List=0x809ed18, mode=2, p=0xbffff290) at rules.c:3673 #5 0x08055c90 in Detect (p=0xbffff290) at rules.c:3565 #6 0x08055ac7 in Preprocess (p=0xbffff290) at rules.c:3433 #7 0x0804b4ff in ProcessPacket (user=0x0, pkthdr=0xbffff780, pkt=0x402b0042 "") at snort.c:512 #8 0x08077426 in packet_ring_recv () at eval.c:41 #9 0x0807774f in pcap_read () at eval.c:41 #10 0x080783ff in pcap_loop () at eval.c:41 #11 0x0804c8b0 in InterfaceThread (arg=0x0) at snort.c:1441 #12 0x0804b3cf in main (argc=8, argv=0xbffff9d4) at snort.c:445 #13 0x40161177 in __libc_start_main (main=0x804ad70 <main>, argc=8, ubp_av=0xbffff9d4, init=0x804a23c <_init>, fini=0x8081df0
<_fini>,
rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff9cc) at ../sysdeps/generic/libc-start.c:129 (gdb) bt #0 0x08052981 in mSearch ( buf=0x402b02db "MC_COOKIETEST=YES\r\n\r\nC_IN min 12v <> load_I_min", blen=65510, ptrn=0x8465f90 ".ewl", plen=4, skip=0x8465fa0, shift=0x84663a8) at mstring.c:506 #1 0x08058c06 in CheckUriPatternMatch (p=0xbffff290, otn_idx=0x84654b0, fp_list=0x84663c0) at sp_pattern_match.c:873 #2 0x0805614f in EvalOpts (List=0x81196f0, p=0xbffff290) at rules.c:4026 #3 0x08055e89 in EvalHeader (rtn_idx=0x80fa3e8, p=0xbffff290) at rules.c:3745 #4 0x08055e14 in EvalPacket (List=0x809ed18, mode=2, p=0xbffff290) at rules.c:3673 #5 0x08055c90 in Detect (p=0xbffff290) at rules.c:3565 #6 0x08055ac7 in Preprocess (p=0xbffff290) at rules.c:3433 #7 0x0804b4ff in ProcessPacket (user=0x0, pkthdr=0xbffff780, pkt=0x402b0042 "") at snort.c:512 #8 0x08077426 in packet_ring_recv () at eval.c:41 #9 0x0807774f in pcap_read () at eval.c:41 #10 0x080783ff in pcap_loop () at eval.c:41 #11 0x0804c8b0 in InterfaceThread (arg=0x0) at snort.c:1441 #12 0x0804b3cf in main (argc=8, argv=0xbffff9d4) at snort.c:445 #13 0x40161177 in __libc_start_main (main=0x804ad70 <main>, argc=8, ubp_av=0xbffff9d4, init=0x804a23c <_init>, fini=0x8081df0
<_fini>,
rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff9cc) at ../sysdeps/generic/libc-start.c:129 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Dumps.... JSeddon (Aug 06)
- Re: Snort Dumps.... George D. Nincehelser (Aug 06)