Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Core dumping with more then 1 rule enabled

From: James Hoagland <hoagland () SiliconDefense com>
Date: Sat, 8 Jun 2002 07:52:33 -0700
At 10:17 PM +0200 6/7/02, Frank Lewandowski wrote:

Hi Folks,

Now am a bit into snort, as well as the docs, a last issue not found a
help for, is, that i can smoothly start and run snort with actual rule
set and snort.conf, though, when i enable more than one rule, it dumps.
All pathes set, Version 1.8.4 (Build 99) on Sparc/Solaris 8 precompiled.
Command line is

/opt/snort/bin/snort -c /opt/snort/etc/snort.conf -D

Any help would be appreciated, i post a summary in the end.
That's pretty weird. Does it dump core promptly when you are starting up? If so, it could be the Snort parser choking on something. Look for malformed rules near the first one (be sure to check the files that are included by snort.conf. As a sanity check, you can try the snort rules precisely as distributed. 

Good luck,

  Jim



--
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland () SiliconDefense com, http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: