Snort mailing list archives

Urgent Bus error!


From: User BALGAA System Engineer <balgaa () publica ub mng net>
Date: Thu, 10 Jan 2002 16:05:08 +0800 (ULAT)

Hello,

I am new to Snort IDS. I successfully installed Snort-1.8.3 on Sparc Redhat
Linux-6.2.

My configure:
./configure --with-snmp --with-openssl --enable-flexresp --enable-smbalerts --with-mysql=/usr/local/mysql

I also successfully installed the following libraries on the Redhat box:
1. libpcap-0.6.2
2. libnet-1.0.2a
3. ucd-snmp-4.2.3
4. Mysql-3.23.47
5. OpenSSL-0.9.5a

I am trying to use Snort with the Demarc packages. I have already added 2 sensors
to the Demarc MySQL snort database.

But when I try to start demarcd, I get "Bus error" messages from snort.
I checked with gdb; the result follows:
[root@web2 bin]# gdb snort
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "sparc-redhat-linux"...
(gdb) r
Starting program: /usr/local/bin/snort
Log directory = /var/log/snort

Initializing Network Interface eth0
using config file /root/.snortrc
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /root/.snortrc

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Unable to open rules file: /root/.snortrc or /root//root/.snortrc
Fatal Error, Quitting..

Program exited with code 01.
(gdb) quit
[root@web2 bin]# cp /usr/local/demarc/conf/snort.conf /root/.snortrc
[root@web2 bin]# gdb snort
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "sparc-redhat-linux"...
(gdb) r
Starting program: /usr/local/bin/snort
Log directory = /var/log/snort

Initializing Network Interface eth0
using config file /root/.snortrc
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /root/.snortrc

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Back Orifice detection brute force: DISABLED
Using LOCAL time
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: database name = snort
database: password is set
database:          host = localhost
database:   sensor name = Snort
database:     sensor id = 1
database: schema version = 104
database: using the "log" facility
1253 Snort rules read...
1253 Option Chains linked into 149 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initializing Snort ==--
Decoding Ethernet on interface eth0

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.3 (Build 88)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

Program received signal SIGBUS, Bus error.
DecodeIP (pkt=0xf5556 "E\020", len=52, p=0xeffff570) at decode.c:1194
1194        if(p->iph->ip_ver != 4)
(gdb) bt
#0  DecodeIP (pkt=0xf5556 "E\020", len=52, p=0xeffff570) at decode.c:1194
#1  0x1afe4 in DecodeEthPkt (p=0xeffff570, pkthdr=0xeffffa50, pkt=0xf5548
"\b")
    at decode.c:85
#2  0x13598 in ProcessPacket (user=0x0, pkthdr=0xca800, pkt=0xf5548 "\b")
    at snort.c:486
#3  0x4beb4 in pcap_read_packet ()
#4  0x4bc68 in pcap_read ()
#5  0x4cd3c in pcap_loop ()
#6  0x15028 in InterfaceThread (arg=0xca9f8) at snort.c:1663
#7  0x1356c in main (argc=1, argv=0xeffffd64) at snort.c:469
(gdb)

What does this mean? How can I fix it?

Any help, suggestions or ideas?


Thanks,
Balgaa
E-mail:balgaa () micom mng net
Micom Co., Ltd
Ulaanbaatar
Mongolia.
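
An added example, not part of the original post and not Snort's code: in the backtrace the IP header pointer 0xf5556 sits 14 bytes (one Ethernet header) past the frame start 0xf5548, so it is not 4-byte aligned, and SPARC raises SIGBUS on misaligned loads. The C code below checks those addresses and parses an IPv4 header with byte loads and memcpy, which work at any alignment. The struct ip_fields, the function names and the sample frame are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14  /* 6 dst MAC + 6 src MAC + 2 EtherType */

/* Hypothetical result struct for this example, not Snort's IPHdr. */
struct ip_fields { uint8_t ver, hlen, proto; uint16_t total_len; uint8_t src[4], dst[4]; };

/* Constructed sample frame: 14-byte Ethernet header + 52-byte IPv4 packet.
 * The union forces 4-byte alignment of the frame start, as in the trace. */
static union { uint32_t force_align; uint8_t b[ETH_HDR_LEN + 52]; } frame = { .b = {
    [12] = 0x08, [13] = 0x00,                   /* EtherType IPv4 */
    [14] = 0x45, [15] = 0x10,                   /* version 4, IHL 5, TOS 0x10 */
    [16] = 0x00, [17] = 0x34,                   /* total length 52 */
    [22] = 64,   [23] = 6,                      /* TTL, protocol TCP */
    [26] = 192, [27] = 0, [28] = 2, [29] = 1,   /* src 192.0.2.1 */
    [30] = 192, [31] = 0, [32] = 2, [33] = 2 } }; /* dst 192.0.2.2 */

int is_aligned(uintptr_t addr, size_t align) { return addr % align == 0; }

/* Parse an IPv4 header at any byte address using only byte loads and memcpy,
 * so no aligned word access is required. Returns 0 on success, -1 otherwise. */
int parse_ipv4(const uint8_t *pkt, size_t len, struct ip_fields *out)
{
    if (pkt == NULL || out == NULL || len < 20) return -1;
    out->ver  = pkt[0] >> 4;
    out->hlen = (uint8_t)((pkt[0] & 0x0f) * 4);
    if (out->ver != 4 || out->hlen < 20 || out->hlen > len) return -1;
    out->total_len = (uint16_t)((pkt[2] << 8) | pkt[3]);  /* big-endian on the wire */
    out->proto = pkt[9];
    memcpy(out->src, pkt + 12, 4);
    memcpy(out->dst, pkt + 16, 4);
    return 0;
}

int main(void)
{
    struct ip_fields f;
    const uint8_t *ip = frame.b + ETH_HDR_LEN;
    printf("trace: frame 0xf5548 aligned=%d, IP header 0xf5556 aligned=%d\n",
           is_aligned(0xf5548, 4), is_aligned(0xf5556, 4));
    printf("sample IP header 4-byte aligned: %d\n", is_aligned((uintptr_t)ip, 4));
    if (parse_ipv4(ip, 52, &f) == 0)
        printf("ver=%u hlen=%u len=%u proto=%u\n", f.ver, f.hlen, f.total_len, f.proto);
    return 0;
}
```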

