Snort mailing list archives

Re: OpenFPC Daemonlogger Segfault Through OpenFPC


From: "Marty Roesch (maroesch)" <maroesch () cisco com>
Date: Tue, 26 Aug 2014 14:36:09 +0000

What’s the command line that’s being fed to DaemonLogger?  That’d probably be the first place to start looking.  That’s 
a pretty weird error, is there a core dump?

--
Martin Roesch - maroesch () cisco com
VP/Chief Architect, Security Business Group
   ,,_
  o"  )~  Sourcefire - Now a part of Cisco   . : | : . : | : .
   ''''

From: Kevin Ross <kevross33 () googlemail com>
Date: Tuesday, August 26, 2014 at 5:09 AM
To: "leon.ward () sourcefire com" <leon.ward () sourcefire com>, "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Subject: [Snort-users] OpenFPC Daemonlogger Segfault Through OpenFPC

Hi,

I know this is an older tool which isn't supported but I use it for ease of integration into snorby & also that it 
stores onto disk and then fetches on request making it better for my sensors as PCAP solutions like moloch are just too 
resource intensive so I would appreciate any help kindly given (or suggestions for another suitable maintained PCAP 
option similar in nature).

My systems were updated recently and fine; now following reboot daemonlogger segfaults when run through openfpc so I am 
not able to get PCAPs. If I run daemonlogger say with just daemonlogger -i eth1 it is fine and logs PCAPs but when 
using openfpc -a start it says it starts and then in status it is stopped and shows in /var/log/messages as segfault 
error with same memory location and things for each system:

System 1 Error - kernel: : daemonlogger[23570]: segfault at 0 ip 0000000000402a0a sp 00007fffbc8be100 error 4 in daemonlogger[400000+7000]
System 2 Error - kernel: : daemonlogger[3392]: segfault at 0 ip 0000000000402a0a sp 00007fff0e1e8c90 error 4 in daemonlogger[400000+7000]

Running the queue daemon in debug mode and things is fine and shows nothing but I have no idea how to debug 
daemonlogger through openfpc. Some other points:

- Daemonlogger Version 1.2.1 (latest version installed)
- Latest openfpc
- System running CentOS 6.4
- SELINUX tried relabel, disabled etc.

Thank you for any help in advance.

Kindest Regards,
Kevin Ross