Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 2.2.0RC1 crash

From: sekure <sekure () gmail com>
Date: Tue, 6 Jul 2004 09:01:27 -0400
System Architecture: Sparc compiled on Sun V120, ran on Ultra 2, dual
processor, 1GB RAM

Operating System and version:  Sun Solaris 5.8

Version of Snort:  Snort 2.2.0 RC1

What preprocessors you loaded:

preprocessor flow: stats_interval 0 hash 2
preprocessor frag2: timeout 30
preprocessor stream4: disable_evasion_alerts, detect_scans
preprocessor stream4_reassemble
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
    profile apache \
    ports { 80 8080 } \
    no_alerts
preprocessor rpc_decode: 111 32771
preprocessor telnet_decode
preprocessor perfmonitor: time 300 flow events file snort.stats pktcnt 10000

What rules (if any) you were using:
A variety of standard rules, plus some local, but nothing new that
didn't run on 2.1.3.  I just changed the symlink to the binary and
restarted snort, all the configs, rules, etc worked perfectly on 2.1.3

What output plug-ins you loaded:

output log_tcpdump: tcpdump.log
output alert_fast: alert
output log_unified: filename unified.log, limit 128

What command line switches you were using:
snort -dvezoDi qfe0 -c snort.conf -l /some/log/dir

Any Snort error messages:
Jul  2 11:43:47 inet-ids01 snort[13190]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating C1F bytes! (Length:
2E8)

Hope this helps


On Mon, 5 Jul 2004 23:20:06 -0400, Martin Roesch <roesch () sourcefire com> wrote:

Hm.  That message is generated when a malloc fails, sounds like the
Snort process ran itself out of memory?  Perhaps we have a memory leak
or some such.  Can you please read the BUGS file and give us a full
report?

      -Marty



On Jul 2, 2004, at 11:53 AM, sekure wrote:


I compiled and ran the snort 2.2.0-RC1 binary on Solaris 8, in 32-bit
mode.

About 5-10 minutes after launching 3 snort processes (i have 3
interfaces I am sniffing on), all 3 crash at the exact same time.
This happened twice with similar errors....

Jul  2 11:43:47 inet-ids01 snort[13190]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating C1F bytes! (Length:
2E8)
Jul  2 11:43:47 inet-ids01 snort[13170]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating 1777 bytes! (Length:
5A8)
Jul  2 11:43:47 inet-ids01 snort[13180]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating 17B9 bytes! (Length:
5B4)

i couldn't find the core files, don't think any were generated.



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: