Snort mailing list archives
snort crash - after sometime in IDS mode
From: "Rahul" <shadhanker () gmx net>
Date: Mon, 18 Aug 2003 16:21:45 +0530
Hello all,
I've compiled snort and able to run in sniffer / packet logger mode.
But when i try to run snort in IDS mode as
# snort -c /var/snort/etc/snort.conf
-----------gives error (bus error)as given below(gdb output).
GDB output:
##########
======Starting program: /usr/bin/snort -c /var/snort/etc/snort.conf
Running in IDS mode
Log directory = /var/log/snort
Initializing Network Interface lan0
--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface lan0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /var/snort/etc/snort.conf
:
:
:
-*> Snort! <*-
Version 2.0.1 (Build 88)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
Program received signal SIGBUS, Bus error.
BuildPacket (s=0x401ae348, stream_size=139, p=0x7ffff250, direction=0)
at spp_stream4.c:4053
4053 stream_pkt->iph->ip_src.s_addr = p->iph->ip_dst.s_addr;
(gdb)
Plz help me to iovercome this?
Advance thanks,
-sadha
On Wed, 13 Aug 2003, Rahul wrote: [...snip...]My another Q! is does basic conf will work withotu any modification or
need
to ''edit'' conf file before using with "-c".No. You _must_ edit it. It's commented quite well. And _PLEASE_ read the docs! Everything that you've asked has been answered in there. Once it becomes obvious that you're not trying to help yourself by reading, the amount of help from list members drops dramatically... Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003 ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)
- Re: reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)
- Re: reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Erek Adams (Aug 12)
- Re: reg: snort.conf Rahul (Aug 13)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 13)
- Re: reg: snort.conf David Alonso De La Vega Tapage (Aug 13)
- Re: reg: snort.conf Erek Adams (Aug 13)
- Re: reg: snort.conf Rahul (Aug 15)
- snort crash - after sometime in IDS mode Rahul (Aug 18)
- Re: snort crash - after sometime in IDS mode Matt Kettler (Aug 18)
- Re: snort crash - after sometime in IDS mode Rahul (Aug 18)
- Re: snort crash - after sometime in IDS mode Rahul (Aug 20)
- Re: snort crash - after sometime in IDS mode(plz reply) Rahul (Aug 20)
- Re: reg: snort.conf Rahul (Aug 13)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)