Snort mailing list archives
Re: Core dumping with more then 1 rule enabled
From: James Hoagland <hoagland () SiliconDefense com>
Date: Sat, 8 Jun 2002 07:52:33 -0700
At 10:17 PM +0200 6/7/02, Frank Lewandowski wrote:
> Hi Folks,
>
> Now I am a bit into snort, as well as the docs. A last issue I have not found help for is that I can smoothly start and run snort with the actual rule set and snort.conf, though when I enable more than one rule, it dumps. All paths set, Version 1.8.4 (Build 99) on Sparc/Solaris 8, precompiled.
>
> Command line is /opt/snort/bin/snort -c /opt/snort/etc/snort.conf -D
>
> Any help would be appreciated; I will post a summary at the end.
That's pretty weird. Does it dump core promptly when you are starting up? If so, it could be the Snort parser choking on something. Look for malformed rules near the first one (be sure to check the files that are included by snort.conf). As a sanity check, you can try the snort rules precisely as distributed.
Good luck,

Jim

--
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland () SiliconDefense com, http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
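The check suggested in the reply above (look for malformed rules, including in the files that snort.conf includes) can be scripted. The following is an added example, not part of the original post and not Snort's own parser: the function names are hypothetical, the checks are heuristics, the sample files are constructed, and it assumes relative `include` paths resolve against the including file's directory.

```python
import os, pathlib, re, tempfile

ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
HEADER = re.compile(r"^\w+\s+\w+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+[^\s(]+\s*(.*)$")

def logical_lines(path):
    """Yield (first_line_no, text), joining backslash-continued lines."""
    buf, start = "", 0
    with open(path, errors="replace") as fh:
        for no, raw in enumerate(fh, 1):
            start, line = start or no, raw.strip()
            if line.endswith("\\"):
                buf += line[:-1] + " "
                continue
            yield start, buf + line
            buf, start = "", 0
    if buf:  # file ended in the middle of a continuation
        yield start, buf.strip()

def check_rule(text):
    """Heuristic check of 'action proto src sport dir dst dport [(options)]'."""
    m = HEADER.match(text)
    if not m:
        return "malformed rule header"
    opts = m.group(1)
    if opts and not (opts.startswith("(") and opts.endswith(")")):
        return "options not enclosed in ( )"
    if re.sub(r"\\.", "", opts).count('"') % 2:  # ignore escaped characters
        return "unbalanced double quote"

def lint(conf):
    """Check conf and every file it includes; returns [(file, line, problem)]."""
    problems = []
    for no, text in logical_lines(conf):
        parts = text.split(None, 1)
        if len(parts) == 2 and parts[0] == "include":
            problems += lint(os.path.join(os.path.dirname(conf), parts[1]))
        elif parts and parts[0] in ACTIONS and (msg := check_rule(text)):
            problems.append((conf, no, msg))
    return problems

def demo():
    """Constructed sample: the second rule in the included local.rules lost its ')'."""
    d = pathlib.Path(tempfile.mkdtemp())
    (d / "snort.conf").write_text("var HOME_NET any\ninclude local.rules\n")
    (d / "local.rules").write_text(
        'alert tcp any any -> $HOME_NET 80 (msg:"ok";)\n'
        'alert tcp any any -> $HOME_NET 21 (msg:"broken"; \\\n  content:"b";\n')
    return lint(str(d / "snort.conf"))
```

Calling `lint()` on the real configuration (the post uses /opt/snort/etc/snort.conf) returns the problems in the order the files are read, so the first entry is the place to start looking.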
Current thread:
- Core dumping with more then 1 rule enabled Frank Lewandowski (Jun 07)
- RE: Core dumping with more then 1 rule enabled - SUMMARY Frank Lewandowski (Jun 08)
- Re: Core dumping with more then 1 rule enabled Chris Green (Jun 08)
- Re: Core dumping with more then 1 rule enabled Chris Green (Jun 08)
- Re: Core dumping with more then 1 rule enabled James Hoagland (Jun 08)