Re: Snort 1.8p1 on Solaris 8

["Bill Marquette" <wlmarque () hewitt com>]

Paul, assuming you have gdb on the same system as snort, please do:

gdb /path/to/snort /path/to/core

type "bt" (minus quotes) at the "(gdb)" prompt and email the results back to
snort-devel () lists sourceforge net (or snort-users, although snort-devel
certainly seems to be a more correct place :)).

This is the best way to get debugging information back to the developers.

--Bill


|--------+------------------------------->
|        |          Paul Asadoorian      |
|        |          <paul.com () home com>  |
|        |                               |
|        |          07/12/2001 09:36 AM  |
|        |                               |
|--------+------------------------------->
  >-------------------------------------------------------------------------|
  |                                                                         |
  |      To:   snort-users <snort-users () lists sourceforge net>              |
  |      cc:                                                                |
  |      Client:                                                            |
  |      Subject:   [Snort-users] Snort 1.8p1 on Solaris 8                  |
  >-------------------------------------------------------------------------|





I am running the above and after a couple of minutes I got the following
error:

rules.c:3426: failed assertion `idx->func != NULL'

[1]+  Abort                   (core dumped) ../bin/snort -d -c
snort.conf -l ../log  (wd: /opt/local/snort/rules)
(wd now: /opt/local/snort/log)


I can't attach the core dump because it is too big for my email server,
if you need it please let me know
and I will put it on an ftp server somewhere or something....

Thanks,

Paul

BTW, here is the config file (sanatized):

var HOME_NET [MY.NET.19.0/24]
var EXTERNAL_NET !$HOME_NET
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS [MY.NET.128.9/32,MY.NET.128.11/32]
preprocessor frag2
preprocessor stream4: noalerts
preprocessor stream4_reassemble
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 10 1 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
include classification.config
include exploit.rules
include scan.rules
include finger.rules
include ftp.rules
include telnet.rules
include smtp.rules
include rpc.rules
include rservices.rules
include backdoor.rules
include dos.rules
include ddos.rules
include dns.rules
include netbios.rules
include web-cgi.rules
include web-coldfusion.rules
include web-frontpage.rules
include web-iis.rules
include web-misc.rules
include sql.rules
include x11.rules
include misc.rules
include local.rules


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users