Snort mailing list archives
FreeBSD + Mysql + Snort
From: "Hall, Duane" <hallu () hastings-ent com>
Date: Wed, 17 Apr 2002 11:38:46 -0500
Intel X86
FreeBSD 4.5-RELEASE
Snort Version 1.8.6 build 105
No preprocessors
No rules enabled
Output Plugins:
output database: log, mysql, user=root password=xxxxx dbname=snortdb
host=xxx.
xxx.xxx.22
command line:
snort -b -l /usr/storage/snort/logs -L snort.log -c
/usr/storage/snort/conf/snort.conf
Output From Snort:
sensor# snort -b -l /usr/storage/snort/logs -L snort.log -c
/usr/storage/snort/conf/snort.conf
Log directory = /usr/storage/snort/logs
Initializing Network Interface em0
--== Initializing Snort ==--
Decoding Ethernet on interface em0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /usr/storage/snort/conf/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Segmentation fault (core dumped)
sensor# Apr 17 11:30:51 sensor /kernel: em0: promiscuous mode enabled
Apr 17 11:30:51 sensor /kernel: pid 20938 (snort), uid 0: exited on
signal 11(core dumped)
Apr 17 11:30:51 sensor /kernel: em0: promiscuous mode disabled
sensor#
GDB Output:
This GDB was configured as "i386-unknown-freebsd"...
Core was generated by `snort'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.2...done.
Reading symbols from /usr/lib/libpcap.so.2...done.
Reading symbols from /usr/lib/libm.so.2...done.
Reading symbols from
/usr/local/mysql/lib/mysql//libmysqlclient.so.10...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/lib/libcrypt.so.2...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0 0x28169254 in strdup () from /usr/lib/libc.so.4
(gdb) bt
#0 0x28169254 in strdup () from /usr/lib/libc.so.4
#1 0x8056473 in VarDefine (name=0x80b98b0 "HOME_NET",
value=0x6e652050 <Address 0x6e652050 out of bounds>) at rules.c:3110
#2 0x8054034 in ParseRule (rule_file=0x2819e620,
prule=0xbfbff760 "var HOME_NET $fdx0_ADDRESS ", inclevel=0) at
rules.c:531
#3 0x8053b8b in ParseRulesFile (
file=0x8093f64 "/usr/storage/snort/conf/snort.conf", inclevel=0)
at rules.c:198
#4 0x804a750 in main (argc=8, argv=0xbfbffbf4) at snort.c:335
(gdb) quit
Copy of previous e-mail:
I keep getting a exit on signal 11 on Freebsd 4.5-Release. Has anyone
had this problem before. It seems to happen right after it tries to
initialize the rules. I recompiled the kernel with i686 and not loading
anything I don't need. If someone could just give me a direction to go.
Thanks in Advance
Duane
System:
Freebsd 4.5 + SMP
2 X Pentium III 1.4
1GB Ram
2 X 18 GB HD (Raid 1)
Intel Pro 10/100
Intel Pro/1000
**************************
Duane Hall
Security Administrator
Hastings Entertainment, Inc.
hallu () hastings-ent com
**************************
Duane Hall
Security Administrator
Hastings Entertainment, Inc.
806-351-2300 X-3945
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- FreeBSD + Mysql + Snort Hall, Duane (Apr 17)
- <Possible follow-ups>
- RE: FreeBSD + Mysql + Snort Wirth, Jeff (Apr 17)
- RE: FreeBSD + Mysql + Snort Hall, Duane (Apr 17)
- RE: FreeBSD + Mysql + Snort Erek Adams (Apr 17)
- FreeBSD + Mysql + Snort Hall, Duane (Apr 17)
- RE: FreeBSD + Mysql + Snort Hall, Duane (Apr 17)