Snort mailing list archives
RE: Seg Fault on Snort with MySQL on Redhat 7.0
From: "Baker, J" <James.Baker () aramcoservices com>
Date: Thu, 23 Aug 2001 13:52:35 -0500
Sure here is the backtrace of the coredump.
Thanks,
J. Baker
==============================================================================
[root@localhost mysql]# gdb /usr/local/bin/snort core
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `/usr/local/bin/snort -h 10.241.100.0/24 -N -l /var/log/snort -c /usr/local/etc/'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/mysql/libmysqlclient.so.9...done.
Loaded symbols for /usr/lib/mysql/libmysqlclient.so.9
Reading symbols from /usr/lib/libpq.so.2.1...done.
Loaded symbols for /usr/lib/libpq.so.2.1
Reading symbols from /usr/lib/libssl.so.0...done.
Loaded symbols for /usr/lib/libssl.so.0
Reading symbols from /usr/lib/libcrypto.so.0...done.
Loaded symbols for /usr/lib/libcrypto.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_nisplus.so.2...done.
Loaded symbols for /lib/libnss_nisplus.so.2
Reading symbols from /lib/libnss_nis.so.2...done.
Loaded symbols for /lib/libnss_nis.so.2
#0 0x80549f6 in AppendOutputFuncList (func=0x804feec <NoLog>, arg=0x0,
---Type <return> to continue, or q <return> to quit---
list=0x8103ae0) at rules.c:1542
1542 rules.c: No such file or directory.
(gdb) backtrace
#0 0x80549f6 in AppendOutputFuncList (func=0x804feec <NoLog>, arg=0x0,
list=0x8103ae0) at rules.c:1542
#1 0x805499a in AddFuncToOutputList (func=0x804feec <NoLog>, node_type=1,
arg=0x0) at rules.c:1516
#2 0x805490a in SetOutputList (func=0x804feec <NoLog>, node_type=1 '\001',
arg=0x0) at rules.c:1493
#3 0x804b8e7 in main (argc=8, argv=0xbffffc74) at snort.c:436
#4 0x401a3b65 in __libc_start_main (main=0x804b2ac <main>, argc=8,
ubp_av=0xbffffc74, init=0x804a670 <_init>, fini=0x8083b2c <_fini>,
rtld_fini=0x4000df24 <_dl_fini>, stack_end=0xbffffc6c)
at ../sysdeps/generic/libc-start.c:111
(gdb)
-----Original Message-----
From: roman () danyliw com [mailto:roman () danyliw com]
Sent: Thursday, August 23, 2001 9:40 AM
To: Baker, J
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Seg Fault on Snort with MySQL on Redhat 7.0
Can you send us the backtrace of the coredump:
$ gdb ./snort core
(gdb) backtrace
cheers,
Roman
I am trying to get snort up and working with MySQL. Snort seems to run fine
standalone, but when I try to send output to MySQL I get a Seg Fault. Does
anybody have any hints?
Thanks,
J. Baker
Details
=======================================================
OS Redhat 7.0 i386
Snort 1.8.1-RELEASE
MySQL 3.23.22-beta
snort.conf for MySQL
output database: log, mysql, dbname=snort user=snort host=localhost
startup command:
/usr/local/bin/snort -h 10.241.100.0/24 -N -l /var/log/snort -c /usr/local/etc/snort.conf &
Snort Output:
Log directory = /var/log/snort
--== Initializing Snort ==--
Initializing Network Interface eth0
Kernel filter, protocol ALL, raw packet socket
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /usr/local/etc/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
Fragment timeout: 60 seconds
Fragment memory cap: 4194304 bytes
Stream4 config:
Stateful inspection: ACTIVE
Session statistics: INACTIVE
Session timeout: 30 seconds
Session memory cap: 8388608 bytes
State alerts: INACTIVE
Scan alerts: ACTIVE
No arguments to stream4_reassemble, setting defaults:
Reassemble client: ACTIVE
Reassemble server: INACTIVE
Reassemble ports: 21 23 25 53 80 143 110 111 513
Reassembly alerts: ACTIVE
Back Orifice detection brute force: DISABLED
Using LOCAL time
database: compiled support for ( mysql postgresql )
database: configured to use mysql
database: database name = snort
database: user = snort
database: host = localhost
database: sensor name = 10.241.100.107
database: sensor id = 1
database: schema version = 103
database: using the "log" facility
908 Snort rules read...
908 Option Chains linked into 135 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
Rule application order: ->activation->dynamic->alert->pass->log
--== Initialization Complete ==--
-*> Snort! <*-
Version 1.8.1-RELEASE (Build 74)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
[3]+ Segmentation fault (core dumped)
