Home page logo
/

snort logo Snort mailing list archives

Re: Snort 2.9.0.0 segfaulting [SEC=UNCLASSIFIED]
From: Russ Combs <rcombs () sourcefire com>
Date: Mon, 25 Oct 2010 19:50:38 -0400

Thanks Chris.  That should do it.

If it is set, you might try removing "overlap_limit <#>" from stream5_tcp in
your conf.  There is an issue with excessive overlaps that will be resolved
in the next release.

Russ
On Mon, Oct 25, 2010 at 7:34 PM, STEVENS, Chris <csx () ansto gov au> wrote:

 Russ,



I’ve also experienced a similar issue.



Oct 26 09:40:43 someids kernel: snort[13563]: segfault at 0000000000000060
rip 00000000004774ac rsp 00007fff2686fce0 error 4



[root () someids ~]# uname -a

Linux someids 2.6.18-194.11.4.el5 #1 SMP Tue Sep 21 05:04:09 EDT 2010
x86_64 x86_64 x86_64 GNU/Linux



I’ve just recompiled with –enable-debug to capture a core file when it
happens next (seems to occur every couple of days) so will bundle that in
with the configs when it occurs.



Anything else you need?



Cheers,

Chris


 ------------------------------

*From:* Russ Combs [mailto:rcombs () sourcefire com]
*Sent:* Tuesday, 19 October 2010 2:54 AM
*To:* Miguel Alvarez
*Cc:* snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] Snort 2.9.0.0 segfaulting



Thanks for reporting the issue.  Can you send your configuration so we have
a little more to go on (both config.log and snort.conf)?

And any chance you can rebuild and provide a core file should it happen
again?

Russ

On Mon, Oct 18, 2010 at 11:31 AM, Miguel Alvarez <miguellvrz9 () gmail com>
wrote:

Over the weekend, my snort 2.9.0.0 segfaulted twice within 25 minutes.
 This is an older system so it very well could be faulty hardware but
I hadn't seen this with previous versions.  I built it with
--disable-corefile so that's not available.  I just wanted to see if
anyone else had experienced this as well.

Oct 16 12:04:55 homenids kernel: snort[5133]: segfault at
0000000000000060 rip 000000000048f80e rsp 00007fff9c213190 error 4
Oct 16 12:29:03 homenids kernel: snort[12421]: segfault at
0000000000000060 rip 000000000048f80e rsp 00007fffe456aa30 error 4

This is on an HP DL385 G1 running CentOS 5.5 x86_x64.  I started it
again and it's been running fine since.


------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault