Re: Segfault with Snort 2.9.1

[beenph <beenph () gmail com>]

Or before running snort from a terminal you can type ulimit -c <some
large number>

start snort (from console)

If it segfault it should create a core dump in the directory you
started snort either , core or core.<pid>

> From there you can run gdb -c <path to core file> <path to snort binary>

and type bt at the gdb prompt to get the stack trace.

-elz


On Wed, Sep 28, 2011 at 2:11 PM, Martin Holste <mcholste () gmail com> wrote:
> Just start snort with gdb --args in front of your normal method
> (making sure to remove any daemonizing commands) and when you get the
> segfault, issue the "bt" command.  For extra ease, start it with the
> screen command so you can exit the server without exiting the session.
>
> On Wed, Sep 28, 2011 at 10:35 AM, Peter Bates <peter.bates () ucl ac uk> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > Hello all
> >
> > On 28/09/2011 16:22, Lay, James wrote:
> > > Peter, try starting this with strace e.g. "sudo strace snort -T -c
> > > /etc/snort/snort.conf"...may give you some insight on where it's
> > > having an issue.
> >
> > Sorry - I should have said I've tried running it through strace
> > and all I see is it segfaulting after writing the same things to the
> > console that I put in my previous email.
> >
> > I guess the next trick is GDB but that might be too much for my head
> > to handle today.
> >
> > - --
> > Peter Bates
> > Senior Computer Security Officer    Phone: +44(0)2076792049
> > Information Services Division       Internal Ext: 32049
> > University College London
> > London WC1E 6BT
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.17 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >
> > iQEcBAEBAgAGBQJOgz7UAAoJELhVoVpEMS6RNDQH/0cJIUyUilmZSo/Hm684gmDR
> > t0OSkNH7xOOElDTOqyoDznoNXL8MNi5s1ZzN6gROIEfoc07LxvgVN7hz+uVxyruk
> > TttUC1b/BtvEVI50rDNC/hP7UVweVB4QtAnQQHr8E8OzCuLIAJnMhDCD6OO1cqZm
> > iodHn4tTOYzODlFW/pP9lNnAPqGkBYOLs8JnOluYZ0qtgY9RfUGSdvtM49wIowp7
> > h0XwEaKr06slIjWmi0SD3P6ZseBOLILGp0StkcNBLrTdc9HvEvSJi1sv3A5TD8XG
> > uIk/n5yEndtVWBT7mEmXIp6eHNtiibiIuGCsU0aMEWOsSMNOLI0Q/8vIRuicSVQ=
> > =bHQJ
> > -----END PGP SIGNATURE-----
> >
> >
> > ------------------------------------------------------------------------------
> > All the data continuously generated in your IT infrastructure contains a
> > definitive record of customers, application performance, security
> > threats, fraudulent activity and more. Splunk takes this data and makes
> > sense of it. Business sense. IT sense. Common sense.
> > http://p.sf.net/sfu/splunk-d2dcopy1
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure contains a
> definitive record of customers, application performance, security
> threats, fraudulent activity and more. Splunk takes this data and makes
> sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2dcopy1
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!