Snort mailing list archives

Re: Seg Fault on Snort with MySQL on Redhat 7.0

From: roman () danyliw com
Date: Thu, 23 Aug 2001 14:40:27 US/Eastern

Can you send us the backtrace of the coredump:

$ gdb ./snort core
(gdb) backtrace

cheers,
Roman

I am trying to get snort up and working with MySQL.  Snort seems to run fine
standalone, but when I try to send output to MySQL I get a Seg Fault. Does
anybody have any hints?

Thanks,
      J. Baker


Details
=======================================================
OS Redhat 7.0 i386
Snort 1.8.1-RELEASE
MySQL 3.23.22-beta

snort.conf for MySQL
output database: log, mysql, dbname=snort user=snort host=localhost



startup command:
 /usr/local/bin/snort -h 10.241.100.0/24 -N -l /var/log/snort -c
/usr/local/etc/snort.conf &

Snort Output:
Log directory = /var/log/snort

        --== Initializing Snort ==--

Initializing Network Interface eth0
Kernel filter, protocol ALL, raw packet socket
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /usr/local/etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
Back Orifice detection brute force: DISABLED
Using LOCAL time
database: compiled support for ( mysql postgresql )
[root@localhost mysql]#
[root@localhost mysql]# /usr/local/bin/snort -h 10.241.100.0/24 -N -l
/var/log/
snort -c /usr/local/etc/snort.conf &
[3] 26089
Log directory = /var/log/snort
[root@localhost mysql]#
        --== Initializing Snort ==--

Initializing Network Interface eth0
Kernel filter, protocol ALL, raw packet socket
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /usr/local/etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
Back Orifice detection brute force: DISABLED
Using LOCAL time
database: compiled support for ( mysql postgresql )
database: configured to use mysql
database: database name = snort
database:          user = snort
database:          host = localhost
database:   sensor name = 10.241.100.107
database:     sensor id = 1
database: schema version = 103
database: using the "log" facility
908 Snort rules read...
908 Option Chains linked into 135 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.1-RELEASE (Build 74)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

[3]+  Segmentation fault      (core dumped) 

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Seg Fault on Snort with MySQL on Redhat 7.0 Baker, J (Aug 23)
- <Possible follow-ups>
- Re: Seg Fault on Snort with MySQL on Redhat 7.0 roman (Aug 23)
- RE: Seg Fault on Snort with MySQL on Redhat 7.0 Baker, J (Aug 23)