Snort mailing list archives
Re: Snort-users Digest, Vol 14, Issue 7
From: Mandy Aguirre via Snort-users <snort-users () lists snort org>
Date: Sat, 21 Jul 2018 08:12:17 +0800
Hi, I am new with snort. I am currently running it with Endian firewall in front of our email server, for a month everything seems ok but since yesterday I am facing issue when I enabled snort from the the intrusion detection. It blocks POP, IMAP and RDP but it shows from the live logs that it was allowed. I have also all these warnings. Jul 20 23:57:05 syslog-ng[2372] WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode Please update it to use the syslog-ng 3.5 format at your time of convinience, compatibility mode can operate less efficiently in some cases. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file.; Please advise. thanks. Best Regards, Mandy Aguirre On Sat, Jul 21, 2018, 12:01 AM <snort-users-request () lists snort org> wrote:
Send Snort-users mailing list submissions to snort-users () lists snort org To subscribe or unsubscribe via the World Wide Web, visit https://lists.snort.org/mailman/listinfo/snort-users or, via email, send a message with subject or body 'help' to snort-users-request () lists snort org You can reach the person managing the list at snort-users-owner () lists snort org When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..." When responding, please don't respond with the entire Digest. Please trim your response. Today's Topics: 1. Re: Error while starting Snort 3 (Y M) 2. Re: Error while starting Snort 3 (Mike Stepanek (mstepane)) 3. Re: Error while starting Snort 3 (Russ) 4. Re: Error while starting Snort 3 (Mike Stepanek (mstepane)) 5. recommended approach for multi-instance Snort (ziggypiggy) 6. (no subject) (jeanmicheltangue) 7. Re: Error while starting Snort 3 (Y M) 8. Snort 3.0 occasionaly coredumps (SIGSEGV), traces included (Alan Kayahan) ---------- Forwarded message ---------- From: Y M <snort () outlook com> To: "snort-users () lists snort org" <snort-users () lists snort org> Cc: Bcc: Date: Wed, 18 Jul 2018 14:33:29 +0000 Subject: Re: [Snort-users] Error while starting Snort 3 The actual error messages should show up a little earlier while loading the config. If you scroll up in Snort output, do you see the error message? YM ------------------------------ *From:* 3075646100n behalf of *Sent:* Wednesday, July 18, 2018 5:27 PM *To:* snort-users () lists snort org *Subject:* [Snort-users] Error while starting Snort 3 Hi all, I am trying to install snort 3 on VM with centos 7.5 with this guide, however I fail to run snort against an interface like shown in the end. Guide: https://www.snort.org/documents/snort-3-on-centos-7 While initialising search engine, i get fatal error and snort quits. I found nothing about this specific error. Error: -------------------------------------------------- search engine instances: 791 patterns: 81091 pattern chars: 1416781 num states: 1081210 num match states: 81083 memory scale: MB total memory: 28.5913 pattern memory: 4.44377 match list memory: 10.981 transition memory: 13.0699 Could not read app_name. Line Snort Differs AppKey vmware-remote-auth -> vmware-remote-a -------------------------------------------------- pcap DAQ configured to passive. FATAL: see prior 1 errors (0 warnings) Fatal Error, Quitting.. Any help please? _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette ---------- Forwarded message ---------- From: "Mike Stepanek (mstepane)" <mstepane () cisco com> To: "Ľubomír Bielik" <lubomir.bielik.96 () gmail com>, " snort-users () lists snort org" <snort-users () lists snort org> Cc: Bcc: Date: Wed, 18 Jul 2018 14:40:23 +0000 Subject: Re: [Snort-users] Error while starting Snort 3 It seems to be complaining about your appMapping.data in your ODP (with what looks to be an odd line in it). Which ODP are you using? Did you modify it at all? Anything odd looking in it (each line should basically look the same with a comma-separated list of strings and numbers)? Anything odd about how you configured it? I don't suppose we can get the file... - Mike Stepanek mstepane () cisco com On 7/18/18, 7:41 AM, "Snort-users on behalf of Ľubomír Bielik via Snort-users" <snort-users-bounces () lists snort org on behalf of snort-users () lists snort org> wrote: Hi all, I am trying to install snort 3 on VM with centos 7.5 with this guide, however I fail to run snort against an interface like shown in the end. Guide: https://www.snort.org/documents/snort-3-on-centos-7 While initialising search engine, i get fatal error and snort quits. I found nothing about this specific error. Error: -------------------------------------------------- search engine instances: 791 patterns: 81091 pattern chars: 1416781 num states: 1081210 num match states: 81083 memory scale: MB total memory: 28.5913 pattern memory: 4.44377 match list memory: 10.981 transition memory: 13.0699 Could not read app_name. Line Snort Differs AppKey vmware-remote-auth -> vmware-remote-a -------------------------------------------------- pcap DAQ configured to passive. FATAL: see prior 1 errors (0 warnings) Fatal Error, Quitting.. Any help please? _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette ---------- Forwarded message ---------- From: Russ <rucombs () cisco com> To: snort-users () lists snort org, "Mike Stepanek (mstepane)" < mstepane () cisco com> Cc: Bcc: Date: Wed, 18 Jul 2018 11:48:24 -0400 Subject: Re: [Snort-users] Error while starting Snort 3 The error is unrelated to the search engine. It is coming from appid. Double check your appid config. Mike may be able to give you some advice on that. We'll change the output to make that more clear. On 7/18/18 7:41 AM, Ľubomír Bielik via Snort-users wrote:Hi all, I am trying to install snort 3 on VM with centos 7.5 with this guide, however I fail to run snort against an interface like shown in the end. Guide: https://www.snort.org/documents/snort-3-on-centos-7 While initialising search engine, i get fatal error and snort quits. I found nothing about this specific error. Error: -------------------------------------------------- search engine instances: 791 patterns: 81091 pattern chars: 1416781 num states: 1081210 num match states: 81083 memory scale: MB total memory: 28.5913 pattern memory: 4.44377 match list memory: 10.981 transition memory: 13.0699 Could not read app_name. Line Snort Differs AppKey vmware-remote-auth -> vmware-remote-a -------------------------------------------------- pcap DAQ configured to passive. FATAL: see prior 1 errors (0 warnings) Fatal Error, Quitting.. Any help please? _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latestSnort news!Please follow these rules:https://snort.org/faq/what-is-the-mailing-list-etiquette ---------- Forwarded message ---------- From: "Mike Stepanek (mstepane)" <mstepane () cisco com> To: "Ľubomír Bielik" <lubomir.bielik.96 () gmail com>, " snort-users () lists snort org" <snort-users () lists snort org> Cc: Bcc: Date: Wed, 18 Jul 2018 16:53:47 +0000 Subject: Re: [Snort-users] Error while starting Snort 3 Correction: The entries in that file are tab-delineated (my fingers got ahead of my brain). In the appMapping.data file that you shared with me, it looks like the very first line is "bogus" (the one that doesn't look like any other line). I just downloaded it myself, and I see the same issue that you see. Somewhere along the way, we must have started including a bad line at the top of that file. We will work on getting that resolved. Also, it looks like Snort2 and Snort3 AppIDs have a difference stance on the fatalness of bad app entries. We'll work on resolving that as well (and make a clearer message). In the meantime, you should be able to just remove that first line, and it should work just fine. So, delete this line at the top (it shouldn't be there): Snort Differs AppKey vmware-remote-auth -> vmware-remote-a Thanks for the report! - Mike Stepanek mstepane () cisco com On 7/18/18, 10:40 AM, "Mike Stepanek (mstepane)" <mstepane () cisco com> wrote: It seems to be complaining about your appMapping.data in your ODP (with what looks to be an odd line in it). Which ODP are you using? Did you modify it at all? Anything odd looking in it (each line should basically look the same with a comma-separated list of strings and numbers)? Anything odd about how you configured it? I don't suppose we can get the file... - Mike Stepanek mstepane () cisco com On 7/18/18, 7:41 AM, "Snort-users on behalf of Ľubomír Bielik via Snort-users" <snort-users-bounces () lists snort org on behalf of snort-users () lists snort org> wrote: Hi all, I am trying to install snort 3 on VM with centos 7.5 with this guide, however I fail to run snort against an interface like shown in the end. Guide: https://www.snort.org/documents/snort-3-on-centos-7 While initialising search engine, i get fatal error and snort quits. I found nothing about this specific error. Error: -------------------------------------------------- search engine instances: 791 patterns: 81091 pattern chars: 1416781 num states: 1081210 num match states: 81083 memory scale: MB total memory: 28.5913 pattern memory: 4.44377 match list memory: 10.981 transition memory: 13.0699 Could not read app_name. Line Snort Differs AppKey vmware-remote-auth -> vmware-remote-a -------------------------------------------------- pcap DAQ configured to passive. FATAL: see prior 1 errors (0 warnings) Fatal Error, Quitting.. Any help please? _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette ---------- Forwarded message ---------- From: ziggypiggy <ziggypiggy () fastmail com> To: snort-users () lists snort org Cc: Bcc: Date: Thu, 19 Jul 2018 11:10:12 -0400 Subject: [Snort-users] recommended approach for multi-instance Snort I have a reasonably capable Dell R740 with Intel XL710 2x40Gbps NIC to do Snort performance testing on. Is there a general consensus on the best approach (i.e. highest throughput) for doing multi-instance Snort (v2.9.11.1)? The options I see are: - PF_RING - DPDK - something else? I'm assuming using OVS and Snort VMs would have lower performance because of the potential bottledneck of OVS and overhead of KVM. Intel(R) Xeon(R) Gold 6138 CPU @ 2.00GHz Thread(s) per core: 2 Core(s) per socket: 20 Socket(s): 2 Memory: 128GB Thx, ---------- Forwarded message ---------- From: jeanmicheltangue <jeanmicheltangue () gmail com> To: Snort-users () lists snort org Cc: Bcc: Date: Thu, 19 Jul 2018 17:35:55 +0000 Subject: [Snort-users] (no subject) I have a problème with barnyard2.. it does not save the snort logs in the mysql. Sometimes he does it and sometimes not at all. Please help me.. its for my soutenance Envoyé depuis mon smartphone Samsung Galaxy. ---------- Forwarded message ---------- From: Y M <snort () outlook com> To: "snort-users () lists snort org" <snort-users () lists snort org> Cc: Bcc: Date: Thu, 19 Jul 2018 17:40:46 +0000 Subject: Re: [Snort-users] Error while starting Snort 3 I have had the same AppID message but it never caused Snort to error out or quit. I just considered it a warning. Output of Snort running against a pcap is attached just in case if it helps. YM ------------------------------ *From:* Snort-users <snort-users-bounces () lists snort org> on behalf of Mike Stepanek (mstepane) via Snort-users <snort-users () lists snort org> *Sent:* Wednesday, July 18, 2018 7:53 PM *To:* Ľubomír Bielik; snort-users () lists snort org *Subject:* Re: [Snort-users] Error while starting Snort 3 Correction: The entries in that file are tab-delineated (my fingers got ahead of my brain). In the appMapping.data file that you shared with me, it looks like the very first line is "bogus" (the one that doesn't look like any other line). I just downloaded it myself, and I see the same issue that you see. Somewhere along the way, we must have started including a bad line at the top of that file. We will work on getting that resolved. Also, it looks like Snort2 and Snort3 AppIDs have a difference stance on the fatalness of bad app entries. We'll work on resolving that as well (and make a clearer message). In the meantime, you should be able to just remove that first line, and it should work just fine. So, delete this line at the top (it shouldn't be there): Snort Differs AppKey vmware-remote-auth -> vmware-remote-a Thanks for the report! - Mike Stepanek mstepane () cisco com On 7/18/18, 10:40 AM, "Mike Stepanek (mstepane)" <mstepane () cisco com> wrote: It seems to be complaining about your appMapping.data in your ODP (with what looks to be an odd line in it). Which ODP are you using? Did you modify it at all? Anything odd looking in it (each line should basically look the same with a comma-separated list of strings and numbers)? Anything odd about how you configured it? I don't suppose we can get the file... - Mike Stepanek mstepane () cisco com On 7/18/18, 7:41 AM, "Snort-users on behalf of Ľubomír Bielik via Snort-users" <snort-users-bounces () lists snort org on behalf of snort-users () lists snort org> wrote: Hi all, I am trying to install snort 3 on VM with centos 7.5 with this guide, however I fail to run snort against an interface like shown in the end. Guide: https://www.snort.org/documents/snort-3-on-centos-7 While initialising search engine, i get fatal error and snort quits. I found nothing about this specific error. Error: -------------------------------------------------- search engine instances: 791 patterns: 81091 pattern chars: 1416781 num states: 1081210 num match states: 81083 memory scale: MB total memory: 28.5913 pattern memory: 4.44377 match list memory: 10.981 transition memory: 13.0699 Could not read app_name. Line Snort Differs AppKey vmware-remote-auth -> vmware-remote-a -------------------------------------------------- pcap DAQ configured to passive. FATAL: see prior 1 errors (0 warnings) Fatal Error, Quitting.. Any help please? _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette ---------- Forwarded message ---------- From: Alan Kayahan <hsykay () gmail com> To: snort-users () lists snort org Cc: Bcc: Date: Fri, 20 Jul 2018 15:30:11 +0200 Subject: [Snort-users] Snort 3.0 occasionaly coredumps (SIGSEGV), traces included Distributor ID: Ubuntu Description: Ubuntu 16.04.4 LTS Release: 16.04 Codename: xenial ,,_ -*> Snort++ <*- o" )~ Version 3.0.0 (Build 245) from 2.9.11 '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using DAQ version 2.2.2 Using LuaJIT version 2.0.4 Using OpenSSL 1.0.2g 1 Mar 2016 Using libpcap version 1.7.4 Using PCRE version 8.38 2015-11-23 Using ZLIB version 1.2.8 Using FlatBuffers 1.8.0 Using Hyperscan version 4.7.0 2018-05-30 Using LZMA version 5.1.0alpha Above is the setup we are using, plus the latest OpenAppID database. It operates inline with NFQ. Following are couple of stack traces. PID: 16540 (snort) UID: 0 (root) GID: 0 (root) Signal: 11 (SEGV) Timestamp: Wed 2018-07-11 23:54:27 UTC (1 weeks 1 days ago) Command Line: /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/snort/rules/local.rules --plugin-path=/usr/local/lib/snort_extra -Q -D Executable: /usr/local/bin/snort Control Group: / Slice: -.slice Boot ID: 39148e30bd89408ea9bdd073a5392201 Machine ID: bd068ebb16484c349fa66b8e69e1c05a Hostname: snort Message: Process 16540 (snort) of user 0 dumped core. Stack trace of thread 16547: #0 0x00007fd3902bc256 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareERKS4_ (libstdc++.so.6) #1 0x0000000000575843 _ZStltIcSt11char_traitsIcESaIcEEbRKNSt7__cxx1112basic_stringIT_T0_T1_EESA_ (snort) #2 0x0000000000575305 _ZNKSt4lessINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEclERKS5_S8_ (snort) #3 0x0000000000588cf0 _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St6vectorIPN5snort11DataHandlerESaISB_EEESt10_Select1stISE_ESt4lessIS5_ESaISE_EE14_M_lower_boundEPSt13_Rb_tree_nodeISE_ESN_RS7_ (snort) #4 0x000000000058803c _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St6vectorIPN5snort11DataHandlerESaISB_EEESt10_Select1stISE_ESt4lessIS5_ESaISE_EE4findERS7_ (snort) #5 0x00000000005875cb _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorIPN5snort11DataHandlerESaIS9_EESt4lessIS5_ESaISt4pairIKS5_SB_EEE4findERSF_ (snort) #6 0x0000000000586d8d _ZN5snort7DataBus8_publishEPKcRNS_9DataEventEPNS_4FlowE (snort) #7 0x0000000000586823 _ZN5snort7DataBus7publishEPKcRNS_9DataEventEPNS_4FlowE (snort) #8 0x000000000058695d _ZN5snort7DataBus7publishEPKcPNS_6PacketEPNS_4FlowE (snort) #9 0x00000000005ecfa0 _ZN5snort5Snort11thread_idleEv (snort) #10 0x00000000005d7616 _ZN8Analyzer7analyzeEv (snort) #11 0x00000000005d73bb _ZN8AnalyzerclEP7Swappert (snort) #12 0x0000000000547cda _ZSt8__invokeI8AnalyzerJP7SwappertEENSt9enable_ifIXaaaantsrSt17is_member_pointerIT_E5valuentsrSt11is_functionIS5_E5valuentsrS7_INSt14remove_pointerIS5_E4typeEE5valueENSt9result_ofIFRS5_DpOT0_EE4typeEE4typeESE_SH_ (snort) #13 0x0000000000547c79 _ZNKSt17reference_wrapperI8AnalyzerEclIJP7SwappertEEENSt9result_ofIFRS0_DpOT_EE4typeES9_ (snort) #14 0x0000000000547c21 _ZNSt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEE9_M_invokeIJLm0ELm1EEEEvSt12_Index_tupleIJXspT_EEE (snort) #15 0x0000000000547ad8 _ZNSt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEEclEv (snort) #16 0x0000000000547a68 _ZNSt6thread5_ImplISt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEEE6_M_runEv (snort) #17 0x00007fd390253c80 n/a (libstdc++.so.6) #18 0x00007fd3918ce6ba start_thread (libpthread.so.0) #19 0x00007fd38fbcf41d __clone (libc.so.6) Stack trace of thread 16540: #0 0x00007fd3918d7c1d __nanosleep (libpthread.so.0) #1 0x000000000054392c service_check (snort) #2 0x0000000000543f0d main_loop (snort) #3 0x0000000000544012 snort_main (snort) #4 0x00000000005440d9 main (snort) #5 0x00007fd38fae8830 __libc_start_main (libc.so.6) #6 0x00000000005421e9 _start (snort) Refusing to dump core to tty. Another trace PID: 13618 (snort) UID: 0 (root) GID: 0 (root) Signal: 11 (SEGV) Timestamp: Wed 2018-07-11 00:44:51 UTC (1 weeks 2 days ago) Command Line: /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/snort/rules/local.rules --plugin-path=/usr/local/lib/snort_extra -Q -D Executable: /usr/local/bin/snort Control Group: / Slice: -.slice Boot ID: 39148e30bd89408ea9bdd073a5392201 Machine ID: bd068ebb16484c349fa66b8e69e1c05a Hostname: snort Message: Process 13618 (snort) of user 0 dumped core. Stack trace of thread 13625: #0 0x00007fdbc7dbd256 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareERKS4_ (libstdc++.so.6) #1 0x0000000000575843 _ZStltIcSt11char_traitsIcESaIcEEbRKNSt7__cxx1112basic_stringIT_T0_T1_EESA_ (snort) #2 0x0000000000575305 _ZNKSt4lessINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEclERKS5_S8_ (snort) #3 0x0000000000588cf0 _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St6vectorIPN5snort11DataHandlerESaISB_EEESt10_Select1stISE_ESt4lessIS5_ESaISE_EE14_M_lower_boundEPSt13_Rb_tree_nodeISE_ESN_RS7_ (snort) #4 0x000000000058803c _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St6vectorIPN5snort11DataHandlerESaISB_EEESt10_Select1stISE_ESt4lessIS5_ESaISE_EE4findERS7_ (snort) #5 0x00000000005875cb _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorIPN5snort11DataHandlerESaIS9_EESt4lessIS5_ESaISt4pairIKS5_SB_EEE4findERSF_ (snort) #6 0x0000000000586d8d _ZN5snort7DataBus8_publishEPKcRNS_9DataEventEPNS_4FlowE (snort) #7 0x0000000000586823 _ZN5snort7DataBus7publishEPKcRNS_9DataEventEPNS_4FlowE (snort) #8 0x000000000058695d _ZN5snort7DataBus7publishEPKcPNS_6PacketEPNS_4FlowE (snort) #9 0x00000000005ecfa0 _ZN5snort5Snort11thread_idleEv (snort) #10 0x00000000005d7616 _ZN8Analyzer7analyzeEv (snort) #11 0x00000000005d73bb _ZN8AnalyzerclEP7Swappert (snort) #12 0x0000000000547cda _ZSt8__invokeI8AnalyzerJP7SwappertEENSt9enable_ifIXaaaantsrSt17is_member_pointerIT_E5valuentsrSt11is_functionIS5_E5valuentsrS7_INSt14remove_pointerIS5_E4typeEE5valueENSt9result_ofIFRS5_DpOT0_EE4typeEE4typeESE_SH_ (snort) #13 0x0000000000547c79 _ZNKSt17reference_wrapperI8AnalyzerEclIJP7SwappertEEENSt9result_ofIFRS0_DpOT_EE4typeES9_ (snort) #14 0x0000000000547c21 _ZNSt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEE9_M_invokeIJLm0ELm1EEEEvSt12_Index_tupleIJXspT_EEE (snort) #15 0x0000000000547ad8 _ZNSt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEEclEv (snort) #16 0x0000000000547a68 _ZNSt6thread5_ImplISt12_Bind_simpleIFSt17reference_wrapperI8AnalyzerEP7SwappertEEE6_M_runEv (snort) #17 0x00007fdbc7d54c80 n/a (libstdc++.so.6) #18 0x00007fdbc93cf6ba start_thread (libpthread.so.0) #19 0x00007fdbc76d041d __clone (libc.so.6) Stack trace of thread 13618: #0 0x00007fdbc93d8c1d __nanosleep (libpthread.so.0) #1 0x000000000054392c service_check (snort) #2 0x0000000000543f0d main_loop (snort) #3 0x0000000000544012 snort_main (snort) #4 0x00000000005440d9 main (snort) #5 0x00007fdbc75e9830 __libc_start_main (libc.so.6) #6 0x00000000005421e9 _start (snort) Refusing to dump core to tty. Any ideas? Regards, Alan _______________________________________________ Snort-users mailing list Snort-users () lists snort org https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Re: Snort-users Digest, Vol 14, Issue 7 Mandy Aguirre via Snort-users (Jul 21)
- Re: Snort-users Digest, Vol 14, Issue 7 wkitty42--- via Snort-users (Jul 23)