Snort mailing list archives
Re: snort 1.8
From: Scott Nursten <scott.nursten () StreetsOnline co uk>
Date: Thu, 12 Jul 2001 14:14:06 +0100
I get the same. snort -l /var/log/snort -c /etc/snort/snort.conf Log directory = /var/log/snort --== Initializing Snort ==-- Checking PID path... PATH_VARRUN is set to /var/run/ on this operating system Initializing Network Interface eth0 Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! Parsing Rules file /etc/snort/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... No arguments to frag2 directive, setting defaults to: Fragment timeout: 60 seconds Fragment memory cap: 4194304 bytes No arguments to stream4 directive, setting defaults to: Session timeout: 30 seconds Session memory cap: 8388608 bytes Stateful Inspection: ACTIVE Stream Reassembly: INACTIVE Stream Stats: INACTIVE State Alerts: ACTIVE No arguments to stream4_reassemble, setting defaults: Reassemble client: ACTIVE Reassemble server: INACTIVE Reassemble ports: 21 23 25 53 80 143 110 111 513 Reassembly alerts: ACTIVE Back Orifice detection brute force: DISABLED Using LOCAL time Segmentation fault (core dumped) gdb snort -c core #0 0x08053b05 in mSplit (str=0x0, sep=0x80f2b04 " ", max_strs=2, toks=0xbfffd558, meta=92 '\\') at mstring.c:114 114 end = str + strlen(str); (gdb) where #0 0x08053b05 in mSplit (str=0x0, sep=0x80f2b04 " ", max_strs=2, toks=0xbfffd558, meta=92 '\\') at mstring.c:114 #1 0x08079530 in ParseARPspoofArgs (args=0x0) at spp_arpspoof.c:175 #2 0x080797fa in ARPspoofInit (args=0x0) at spp_arpspoof.c:299 #3 0x080550a2 in ParsePreprocessor (rule=0xbfffd65c "preprocessor arpspoof") at rules.c:1329 #4 0x080548c7 in ParseRule (rule_file=0x814a3e8, prule=0xbffff6fc "preprocessor arpspoof", inclevel=0) at rules.c:541 #5 0x0805445c in ParseRulesFile (file=0x8112254 "/etc/snort/snort.conf", inclevel=0) at rules.c:201 #6 0x0804c200 in main (argc=5, argv=0xbffffc14) at snort.c:309 #7 0x4009138b in __libc_start_main () from /lib/libc.so.6 Rgds, Scott Fyodor wrote:
On Wed, Jul 11, 2001 at 09:24:48PM -0700, John Johnson wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [root@linux /root]# snort -c /etc/snort/snort.conf -l /var/log/snort -i eth0 Log directory = /var/log/snort --== Initializing Snort ==-- Checking PID path... PATH_VARRUN is set to /var/run/ on this operating system Initializing Network Interface eth0 Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! Parsing Rules file /etc/snort/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... Using LOCAL time Segmentation fault (core dumped)All right, lets examine the coredump now :-p familiar with gdb?;) _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Scott Nursten - Systems Administrator Streets Online Ltd. Direct: +44 (0) 1293 744 122 Business: +44 (0) 1293 402 040 Fax: +44 (0) 1293 402 050 Email: scottn () streetsonline co uk ----------------------------------------------------------------------- "Unix is user friendly. It's just selective when choosing friends." ----------------------------------------------------------------------- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort 1.8 John Johnson (Jul 11)
- RE: snort 1.8 Bill Gercken (Jul 11)
- Message not available
- RE: snort 1.8 John Johnson (Jul 11)
- Re: snort 1.8 Fyodor (Jul 11)
- Re: snort 1.8 Scott Nursten (Jul 12)
- Re: snort 1.8 Fyodor (Jul 12)
- Re: snort 1.8 Scott Nursten (Jul 12)
- RE: snort 1.8 John Johnson (Jul 11)
- <Possible follow-ups>
- snort 1.8 Phil Wood (Jul 11)