Re: Segfault

[Martin Roesch <roesch () sourcefire com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

2.6.1.2 is out, try that.

      -Marty

On Dec 21, 2006, at 4:04 PM, Bryan Swann wrote:

> I'm running snort 2.6.1.1 and it is pretty buggy and just seems to die
> on a regular basis for no apparent reason.  I did change the detection
> engine to ac-bnfa so that it would start much faster, but that is
> probably the most non-standard thing I have done.
>
> My snort process will sometimes die and other times it will simply  
> stop
> sending alerts even though the process remains.  I'm hoping the latest
> version addreses some of these issues.  I'm not sure if that is the  
> same
> problem you are having.
>
> Andy Hester wrote:
> > I have setup snort on my LAN following Andy Firman's setup guide  
> > (Thanks
> > Andy).  It is currently listening to a hub that is connected to a  
> > span
> > port on my Cisco 4006.  I have also run it without the hub  
> > directly into
> > the span port.  (The hub is only there to allow for other network
> > traffic monitoring such as Observer - apparently the 4006 will only
> > allow 1 span port.)  Internal and External networks are both set  
> > to any,
> > as I want to analyze all traffic and I didn't see any references for
> > settings for that.  Only thing missing at this point is Oinkmaster,
> > which I haven't set up because I haven't got the thing to run for  
> > more
> > than a day or so without giving a segfault.
> >
> > When snort segfaults, it gives no error messages that I can find.  I
> > have run in the foreground to see if there were any consistent  
> > issues ie
> > rules etc at the time of the segfault, but I haven't found anything
> > yet.  I have seen a couple of other people that have had the same
> > problem apparently and 1 suggested changing rulesets, which I did.
> > Still having segfaults.
> >
> > I'm not sure what to do from here with no error messages, etc.  Is  
> > this
> > an issue that has been definitively resolved?  I haven't been able to
> > find a solution anywhere, only other people with the same questions.
> > Any ideas or help would be appreciated.
> >
> > Thanks
> > Andy
> >
> >
> > --------------------------------------------------------------------- 
> > ----
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to  
> > share your
> > opinions on IT & business topics through brief surveys - and earn  
> > cash
> > http://www.techsay.com/default.php? 
> > page=join.php&p=sourceforge&CID=DEVDEV
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> -- 
> -
> - Bryan Swann (swann () spawar navy mil)  843/218-4749
> - SPAWAR Systems Center Charleston
> -
> -  The difference between genius and stupidity is that genius has its
> limits.  - Einstein
>
> ---------------------------------------------------------------------- 
> ---
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to  
> share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php? 
> page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFi1NQqj0FAQQ3KOARAmUEAJ9Pm0MwdeB2lxHvJ8RLPLCGtstU8wCfSzJZ
Iay/hzSpY2xp1CD3RXdmXOo=
=86w8
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users