Re: Snort 2.9.0.0 segfaulting [SEC=UNCLASSIFIED]

[Russ Combs <rcombs () sourcefire com>]

Thanks Chris.  That should do it.

If it is set, you might try removing "overlap_limit <#>" from stream5_tcp in
your conf.  There is an issue with excessive overlaps that will be resolved
in the next release.

Russ
On Mon, Oct 25, 2010 at 7:34 PM, STEVENS, Chris <csx () ansto gov au> wrote:

>  Russ,
>
>
>
> I’ve also experienced a similar issue.
>
>
>
> Oct 26 09:40:43 someids kernel: snort[13563]: segfault at 0000000000000060
> rip 00000000004774ac rsp 00007fff2686fce0 error 4
>
>
>
> [root@someids ~]# uname -a
>
> Linux someids 2.6.18-194.11.4.el5 #1 SMP Tue Sep 21 05:04:09 EDT 2010
> x86_64 x86_64 x86_64 GNU/Linux
>
>
>
> I’ve just recompiled with –enable-debug to capture a core file when it
> happens next (seems to occur every couple of days) so will bundle that in
> with the configs when it occurs.
>
>
>
> Anything else you need?
>
>
>
> Cheers,
>
> Chris
>
>
>  ------------------------------
>
> *From:* Russ Combs [mailto:rcombs () sourcefire com]
> *Sent:* Tuesday, 19 October 2010 2:54 AM
> *To:* Miguel Alvarez
> *Cc:* snort-users () lists sourceforge net
> *Subject:* Re: [Snort-users] Snort 2.9.0.0 segfaulting
>
>
>
> Thanks for reporting the issue.  Can you send your configuration so we have
> a little more to go on (both config.log and snort.conf)?
>
> And any chance you can rebuild and provide a core file should it happen
> again?
>
> Russ
>
> On Mon, Oct 18, 2010 at 11:31 AM, Miguel Alvarez <miguellvrz9 () gmail com>
> wrote:
>
> Over the weekend, my snort 2.9.0.0 segfaulted twice within 25 minutes.
>  This is an older system so it very well could be faulty hardware but
> I hadn't seen this with previous versions.  I built it with
> --disable-corefile so that's not available.  I just wanted to see if
> anyone else had experienced this as well.
>
> Oct 16 12:04:55 homenids kernel: snort[5133]: segfault at
> 0000000000000060 rip 000000000048f80e rsp 00007fff9c213190 error 4
> Oct 16 12:29:03 homenids kernel: snort[12421]: segfault at
> 0000000000000060 rip 000000000048f80e rsp 00007fffe456aa30 error 4
>
> This is on an HP DL385 G1 running CentOS 5.5 x86_x64.  I started it
> again and it's been running fine since.
>
>
> ------------------------------------------------------------------------------
> Download new Adobe(R) Flash(R) Builder(TM) 4
> The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly
> Flex(R) Builder(TM)) enable the development of rich applications that run
> across multiple browsers and platforms. Download your free trials today!
> http://p.sf.net/sfu/adobe-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users