Snort mailing list archives

Re: Diagnosing snort 2.7.0 seg fault


From: "Justin Heath" <justin.heath () gmail com>
Date: Wed, 1 Aug 2007 10:54:20 -0400

If you are still experiencing an issue after updating to the CVS build,
please let us know. If you can, please send in what OS and version you
are using, your snort.conf file, a pcap (if it's triggered by a
traffic condition), and a backtrace. In order to get a useful
backtrace, compile with --enable-debug. If the segfault happens again,
run snort from gdb and type in 'bt' after the segfault happens and
send that in. If you don't want to send all that to the list, please
send it to bugs () snort org.


Cheers,
Justin


On 8/1/07, Matthew Watchinski <mwatchinski () sourcefire com> wrote:
If you do a cvs checkout of the 2.7.0 code these things have been fixed
there.  So these rules shouldn't cause problems anymore.

-matt

M. Shirk wrote:

Are you running bleeding threat rules?

If so, that is probably the problem. There are several rules with zero
content and flow tags that are causing issues in Snort 2.7.

Here is my disablesid list from oinkmaster:

disablesid 2002758
disablesid 2002742
disablesid 2003068
disablesid 2001874
disablesid 2001984
disablesid 2001219

I think 2001874 has been fixed, it was a syntax error, but just try to
run without those rules.

Shirkdog
' or 1=1--
http://www.shirkdog.us





From: James Lay <jlay () slave-tothe-box net>
To: Snort <snort-users () lists sourceforge net>
Subject: [Snort-users] Diagnosing snort 2.7.0 seg fault
Date: Wed, 01 Aug 2007 08:29:15 -0600

Hey all!

I upgraded from 2.4.0 to 2.7.0 as well as moved it to a chroot environment.
Snort now seg faults at the end with:

Not Using PCAP_FRAMES
Segmentation fault

What information can I provide/take a look at to determine how to fix this?
Gdb or ptrace or something like that?  Thank you.

James



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
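
One way to look for other rules of the kind M. Shirk describes and turn them into oinkmaster disablesid lines to try running without, as an added example that is not part of the original thread and is not Snort or oinkmaster code. It assumes "zero content" means a rule with a flow option but no content, uricontent or pcre option, and one rule per line; the sample rules and their SIDs are constructed.

```python
import re

# Assumption: a rule has "zero content" when none of these options appear.
CONTENT_OPTS = {"content", "uricontent", "pcre"}
# Active (uncommented) rule on one line: action, header, then "(options)".
RULE_RE = re.compile(r'^\s*(alert|log|pass|drop|reject|sdrop)\b[^(]*\((.*)\)\s*$')

# Constructed sample rules; the SIDs are placeholders, not real rule IDs.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed flow only"; flow:established,to_server; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed with content"; flow:to_server; content:"GET \; x"; sid:1000002; rev:1;)
# alert tcp any any -> any 25 (msg:"constructed, commented out"; flow:to_server; sid:1000003;)
alert udp any any -> any 53 (msg:"constructed, no flow"; dsize:>512; sid:1000004; rev:1;)
'''

def parse_options(body):
    """Split a rule's option body on unescaped ';' into (name, value) pairs."""
    opts = []
    for raw in re.split(r'(?<!\\);', body):
        raw = raw.strip()
        if raw:
            name, _, value = raw.partition(":")
            opts.append((name.strip().lower(), value.strip()))
    return opts

def flow_only_sids(rules_text):
    """SIDs of active rules that have a flow option but no content match."""
    sids = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line, comment, or disabled rule
        opts = parse_options(m.group(2))
        names = {n for n, _ in opts}
        sid = next((v for n, v in opts if n == "sid"), "")
        if sid.isdigit() and "flow" in names and not names & CONTENT_OPTS:
            sids.append(int(sid))
    return sids

def disablesid_lines(sids):
    """Format SIDs the way the oinkmaster list in the thread is written."""
    return ["disablesid %d" % s for s in sorted(set(sids))]

if __name__ == "__main__":
    print("\n".join(disablesid_lines(flow_only_sids(SAMPLE_RULES))))
```

The output is a list of candidates to disable while testing, not a statement that any given rule triggers the crash.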
