Snort mailing list archives
Fwd: segfault in Snort 2.9.1 on reload
From: Dave Corsello <dcorsello () wintertreemedia com>
Date: Tue, 04 Oct 2011 23:40:41 -0400
System architecture: 32-bit guest running under VMware ESXi 4.1 1GB RAM. OS: Ubuntu 10.04.3, 2.6.32-33-generic-pae kernel Snort version: 2.9.1 Preprocessors loaded: normalize_ip4 normalize_tcp: ips ecn stream normalize_icmp4 normalize_ip6 normalize_icmp6 frag3_global frag3_engine stream5_global stream5_tcp http_inspect http_inspect_server rpc_decode bo ftp_telnet ftp_telnet_protocol smtp ssh dcerpc2 dcerpc2_server dns ssl sensitive_data sip imap pop Dynamic Preprocessors loaded: libsf_dce2_preproc.so libsf_ssl_preproc.so libsf_ssh_preproc.so lib_sfdynamic_preprocessor_example.so libsf_smtp_preproc.so libsf_sdf_preproc.so libsf_pop_preproc.so libsf_imap_preproc.so libsf_sip_preproc.so libsf_ftptelnet_preproc.so libsf_reputation_preproc.so libsf_dns_preproc.so Enabled rules: ips_policy=security (not using any so rules) Output plugin: unified2Command line switches: /usr/local/bin/snort --daq nfq -c /etc/snort/snort.conf -Q -D
There are no Snort messages. It's taking around 20 sec for Snort to reload. Rules and config files are attached. Error Message:Oct 3 HH:MM:SS snort kernel: [247428.121545] snort[2580]: segfault at 10c00 ip 080d1dbe sp bffe5bd0 error 4 in snort[8048000+115000]
Attachment:
local.rules
Description:
Attachment:
snort.rules
Description:
Attachment:
threshold.conf
Description:
Attachment:
snort.conf
Description:
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Fwd: segfault in Snort 2.9.1 on reload Dave Corsello (Oct 04)