Snort mailing list archives
Re: snort crash - after sometime in IDS mode(plz reply)
From: "Rahul" <shadhanker () gmx net>
Date: Wed, 20 Aug 2003 08:30:34 +0530
Hello all, As i didn't get any response, i'm forwarding again. FYI, I'm not getting out of memory. I'm using snort-2.0.1 on HPUX(PA and IPF) 64bit machines. I've compiled sucessfully and able to run in 2 modes (sniffer and packet logger mode - works fine) But in IDS mode, snort crashed after 3-4 mins by giving Bus error. tusc output is, tusc result as follows.... : : gettimeofday(0x7ffff6f0, NULL) ........................................................................ = 0 getmsg(3, 0x40011ba8, 0x7ffff6e0, 0x7ffff700) ......................................................... = 0 ctlptr.maxlen: 8192 ctlptr.len: 4 ctlptr.buf: 0x4009afe8 dataptr.maxlen: 8192 dataptr.len: 60 dataptr.buf: 0x40191a82 *flagsp: 0 gettimeofday(0x7ffff6f0, NULL) ........................................................................ = 0 getmsg(3, 0x40011ba8, 0x7ffff6e0, 0x7ffff700) ......................................................... = 0 ctlptr.maxlen: 8192 ctlptr.len: 4 ctlptr.buf: 0x4009afe8 dataptr.maxlen: 8192 dataptr.len: 56 dataptr.buf: 0x40191a82 *flagsp: 0 gettimeofday(0x7ffff6f0, NULL) ........................................................................ = 0 ******* Received signal 10, SIGBUS, in user mode, [SIG_DFL], partial siginfo Siginfo: si_code: BUS_ADRALN, faulting address: 0x20000000401b60aa, si_errno: 0 PC: 00000001000000a0.0 break.m 0x14000 exit(10) [implicit] ............................................................................ ....... WIFSIGNALED(SIGBUS)|WCOREDUMP ****** any idea abt this? Plz help to resolve this asap. Advance thanks for all. any help would be greatly appreciated. Note: If i diable these 2 lines, it works. Don/t know how? . By deactivating stream4 means, COMMENT the 2 lines (preprocessor ) as follows. in snort.conf preprocessor stream4: detect_scans, disable_evasion_alerts ----> #preprocessor stream4: detect_scans, disable_evasion_alerts preprocessor stream4_reassemble -----> #preprocessor stream4_reassemble works fine. but i don;t want to diable these. Thanks and Regards, -sadha
At 04:21 PM 8/18/2003 +0530, Rahul wrote:I've compiled snort and able to run in sniffer / packet logger mode. But when i try to run snort in IDS mode as # snort -c /var/snort/etc/snort.conf -----------gives error (bus error)as given below(gdb output).Are you running out of memory by any chance? ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003 ------------------------------------------------------- This SF.net email is sponsored by Dice.com. Did you know that Dice has over 25,000 tech jobs available today? From careers in IT to Engineering to Tech Sales, Dice has tech jobs from the best hiring companies. http://www.dice.com/index.epl?rel_code=104 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: reg: snort.conf, (continued)
- Re: reg: snort.conf Erek Adams (Aug 12)
- Re: reg: snort.conf Rahul (Aug 13)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 13)
- Re: reg: snort.conf David Alonso De La Vega Tapage (Aug 13)
- Re: reg: snort.conf Erek Adams (Aug 13)
- Re: reg: snort.conf Rahul (Aug 15)
- snort crash - after sometime in IDS mode Rahul (Aug 18)
- Re: snort crash - after sometime in IDS mode Matt Kettler (Aug 18)
- Re: snort crash - after sometime in IDS mode Rahul (Aug 18)
- Re: snort crash - after sometime in IDS mode Rahul (Aug 20)
- Re: snort crash - after sometime in IDS mode(plz reply) Rahul (Aug 20)
- Re: reg: snort.conf Rahul (Aug 13)
- Re: reg: snort.conf Erek Adams (Aug 12)