Snort mailing list archives
Re: Re: [Snort-devel] Snort 1.8-RELEASE (Build 43) - Segmentation fault
From: Fyodor <fygrave () tigerteam net>
Date: Sat, 3 Nov 2001 16:42:24 +0700
You can force snort to coredump by sending signal 13 to the pid. Or just attach gdb to snort process at the time when you think it 'goes away' with 'gdb /path/to/snort/binary <pid>' and do examination. On Fri, Nov 02, 2001 at 09:45:00PM -0500, Martin Roesch wrote:
Ok, no problem. We're just about to release Snort 1.8.2 which has probably solved your problem at any rate. Check out the downloads page at www.snort.org for more info. -Marty Tomi Tuominen wrote:Hello, Unfortunately snort does not produce core dump - no matter what settings I have for ulimit. I will upgrade the kernel and see if the problem goes away. --T Martin Roesch wrote:Ok. Can you get us a backtrace? I'd be interested to hear if upgrading to kernel 2.4.10+ makes the problem go away too, I was reading today about how the VM in Linux up to 2.4.9 had some serious problems. If you could get us a backtrace, that'd be cool, see the BUGS file for how to generate one. You should also check out the latest release of Snort at www.snort.org, check for snort-current.tar.gz on the downloads page. -Marty Tomi Tuominen wrote:Hi, First I was running snort in daemon mode but soon noticed that the daemon mysteriously stopped working after some time. This 'some time' could be anything from 15 minutes to 2 days. I got suspicious and and started running snort without -D switch. This time it took about day and a half before snort suddenly segfaulted. I checked all my logs but the only thing which might have something to do with this was that alert log contained multiple 'WEB-IIS cmd.exe access' just before segfault.-- Martin Roesch - President, Sourcefire Inc. - (410)552-6999 roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: [Snort-devel] Snort 1.8-RELEASE (Build 43) - Segmentation fault Martin Roesch (Oct 31)
- Re: [Snort-devel] Snort 1.8-RELEASE (Build 43) - Segmentation fault Tomi Tuominen (Nov 01)
- Re: [Snort-devel] Snort 1.8-RELEASE (Build 43) - Segmentation fault Tomi Tuominen (Nov 02)
- Re: [Snort-devel] Snort 1.8-RELEASE (Build 43) - Segmentation fault Martin Roesch (Nov 02)
- Re: Re: [Snort-devel] Snort 1.8-RELEASE (Build 43) - Segmentation fault Fyodor (Nov 03)
- Re: [Snort-devel] Snort 1.8-RELEASE (Build 43) - Segmentation fault Martin Roesch (Nov 02)