Snort mailing list archives
Re: Snort 1.8p1 on Solaris 8
From: "Bill Marquette" <wlmarque () hewitt com>
Date: Thu, 12 Jul 2001 10:12:47 -0500
Paul, assuming you have gdb on the same system as snort, please do: gdb /path/to/snort /path/to/core type "bt" (minus quotes) at the "(gdb)" prompt and email the results back to snort-devel () lists sourceforge net (or snort-users, although snort-devel certainly seems to be a more correct place :)). This is the best way to get debugging information back to the developers. --Bill |--------+-------------------------------> | | Paul Asadoorian | | | <paul.com () home com> | | | | | | 07/12/2001 09:36 AM | | | | |--------+-------------------------------> >-------------------------------------------------------------------------| | | | To: snort-users <snort-users () lists sourceforge net> | | cc: | | Client: | | Subject: [Snort-users] Snort 1.8p1 on Solaris 8 | >-------------------------------------------------------------------------| I am running the above and after a couple of minutes I got the following error: rules.c:3426: failed assertion `idx->func != NULL' [1]+ Abort (core dumped) ../bin/snort -d -c snort.conf -l ../log (wd: /opt/local/snort/rules) (wd now: /opt/local/snort/log) I can't attach the core dump because it is too big for my email server, if you need it please let me know and I will put it on an ftp server somewhere or something.... Thanks, Paul BTW, here is the config file (sanatized): var HOME_NET [MY.NET.19.0/24] var EXTERNAL_NET !$HOME_NET var SMTP $HOME_NET var HTTP_SERVERS $HOME_NET var SQL_SERVERS $HOME_NET var DNS_SERVERS [MY.NET.128.9/32,MY.NET.128.11/32] preprocessor frag2 preprocessor stream4: noalerts preprocessor stream4_reassemble preprocessor http_decode: 80 -unicode -cginull preprocessor rpc_decode: 111 preprocessor bo: -nobrute preprocessor telnet_decode preprocessor portscan: $HOME_NET 10 1 portscan.log preprocessor portscan-ignorehosts: $DNS_SERVERS include classification.config include exploit.rules include scan.rules include finger.rules include ftp.rules include telnet.rules include smtp.rules include rpc.rules include rservices.rules include backdoor.rules include dos.rules include ddos.rules include dns.rules include netbios.rules include web-cgi.rules include web-coldfusion.rules include web-frontpage.rules include web-iis.rules include web-misc.rules include sql.rules include x11.rules include misc.rules include local.rules _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 1.8p1 on Solaris 8 Paul Asadoorian (Jul 12)
- <Possible follow-ups>
- Re: Snort 1.8p1 on Solaris 8 Bill Marquette (Jul 12)
- Re: Snort 1.8p1 on Solaris 8 Paul Asadoorian (Jul 12)