Snort mailing list archives
Snort 1.8 Problems
From: "Lodin, Steven {GZ-Q~Mannheim}" <STEVEN.LODIN () Roche COM>
Date: Wed, 11 Jul 2001 16:59:41 +0200
I have 1.7 working fine. I'm having SIGSEGV problems with Version 1.8-RELEASE (Build 43). I'm running on RH 6.x with 2.2.12-20 kernel and the latest libpcap.

Here is the last part of the strace output:

    recvfrom(3, "\0\1\2\4\331\254\0\20KI\327\202\10\0E\0\3B\264\304@\0@"..., 1514, 0x20, {sa_family=17, sa_data="\10\0\2\0\0\0\1\0\4\6\0\20KI"}, [20]) = 848
    ioctl(3, SIOCGSTAMP, 0xbffffa84) = 0
    --- SIGSEGV (Segmentation fault) ---
    +++ killed by SIGSEGV +++

There are about 82 recvfrom/ioctl lines after the write that spits out Marty's name.

When I run with -T I get:

    [root@lodins log]# snort -l /usr/local/snort/log -c /usr/local/snort/snort.conf -M /usr/local/snort/WORKSTATIONS -T
    Log directory = /usr/local/snort/log

            --== Initializing Snort ==--
    Checking PID path...
    PATH_VARRUN is set to /var/run/ on this operating system
    Initializing Network Interface eth0
    Kernel filter, protocol ALL, raw packet socket
    Decoding Ethernet on interface eth0
    Initializing Preprocessors!
    Initializing Plug-ins!
    Initializating Output Plugins!
    Parsing Rules file /usr/local/snort/snort.conf

    +++++++++++++++++++++++++++++++++++++++++++++++++++
    Initializing rule chains...
    No arguments to frag2 directive, setting defaults to:
        Fragment timeout: 60 seconds
        Fragment memory cap: 4194304 bytes
    No arguments to stream4 directive, setting defaults to:
        Session timeout: 30 seconds
        Session memory cap: 8388608 bytes
        Stateful Inspection: ACTIVE
        Stream Reassembly: INACTIVE
        Stream Stats: INACTIVE
        State Alerts: ACTIVE
    No arguments to stream4_reassemble, setting defaults:
        Reassemble client: ACTIVE
        Reassemble server: INACTIVE
        Reassemble ports: 21 23 25 53 80 143 110 111 513
        Reassembly alerts: ACTIVE
    Back Orifice detection brute force: DISABLED
    Using LOCAL time
    1047 Snort rules read...
    1047 Option Chains linked into 165 Chain Headers
    0 Dynamic rules
    +++++++++++++++++++++++++++++++++++++++++++++++++++

    Rule application order: ->activation->dynamic->alert->pass->log

            --== Initialization Complete ==--

    -*> Snort! <*-
    Version 1.8-RELEASE (Build 43)
    By Martin Roesch (roesch () sourcefire com, www.snort.org)

    Snort sucessfully loaded all rules and checked all rule chains!

Any thoughts or direction? Where can I begin to look?

Thanks!

Steve Lodin
Head of Global IT Security and Risk Management
Roche Diagnostics GmbH
(W) +49-621-759-5276
(M) +49-173-348-4974

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users