Re: snort 2.9.0.3 bug? SIGUSR1 broken ?

[Michael Scheidell <michael.scheidell () secnap com>]

Its broken. Horribly broken which is why it wasn't committed.  I am working with Dean at snort on  this.HORRIBLY broken.
Have a port that is close.  Just need to finalize one on the preprocessir rulesets.
--
Michael Scheidell
CTO SECNAP Network Security
561-948-2259<tel:5619482259>


-----Original message-----
From: Nigel Houghton <nhoughton () sourcefire com>
To: Michael Scheidell <michael.scheidell () secnap com>
Cc: Snort Users <snort-users () lists sourceforge net>
Sent: Sat, Jan 29, 2011 17:35:49 GMT+00:00
Subject: Re: [Snort-users] snort 2.9.0.3 bug? SIGUSR1 broken ?


FYI: The FreeBSD port for 2.9.0.3 is already done, it's just waiting to
be added to the ports tree. The DAQ was already added.

On Sat, 29 Jan 2011 14:59:22 +0000, Michael Scheidell wrote:
> Then its a ports issue or snort.conf issue. Did you build yours with
> targeted?
> What tables is it looking for and where should they be?
>
> Anything in the conf file?
> Once done I should have the port for freebsd done
> --
> Michael Scheidell
> CTO SECNAP Network Security
> 561-948-2259<tel:5619482259>
>
>
> -----Original message-----
> From: Joel Esler <jesler () sourcefire com>
> To: Michael Altizer <xiche () verizon net>
> Cc: Michael Scheidell <michael.scheidell () secnap com>,
> "snort-users () lists sourceforge net"
> <snort-users () lists sourceforge net>
> Sent: Sat, Jan 29, 2011 13:20:26 GMT+00:00
> Subject: Re: [Snort-users] snort 2.9.0.3 bug? SIGUSR1 broken?
>
> Kill -USR1 <pid of snort>
>
> Works for me on my box.
>
> --
> Sent from my iPhone
> Skype:eslerjoel
>
> On Jan 29, 2011, at 1:46 AM, Michael Altizer <xiche () verizon net> wrote:
>
> > On 01/29/2011 01:13 AM, Michael Scheidell wrote:
> > > On 1/29/11 1:06 AM, Russ Combs wrote:
> > > > Sorry, I understood your question but not the platform you specified.
> > > which platform needs a SIGBUS (signal number 10)  to dump stats
> > > to       syslog?
> > > isn't it SIGUSR1 on all supported platforms?
> > > doesn't the man page say SIGUSR1 (30)?  doesn't the manual say
> > > SIGUSR1 (30)?
> > >
> > > and if you understood my question, how could 'kill -10' possibly
> > > answer it?
> > > signal 10 is  BUSERROR on every posix system that I know of.
> > >
> > > and, what does my platform have to do with anything?
> > > you got some strange TRS80 that uses 10 as SIGUSR1?
> > Actually, if you read the signal(7) man page you'll see that the
> > POSIX specification is pretty loose with a number of the signal
> > value definitions.  SIGUSR1 can be 30, 10, or 16.  For example,
> > x86-based Linux, which could be considered a relatively non-obscure
> > operating system, defines SIGUSR1 as 10.  In fact, the only flavors
> > of Linux that use 30 for SIGUSR1 are DEC Alpha and SPARC.  And since
> > you asked, SIGBUS can be either 7 or 10.
> >
> > -Michael
------------------------------------------------------------------------------
> > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> > Finally, a world-class log management solution at an even better
> > price-free!
> > Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> > February 28th, so secure your free ArcSight Logger TODAY!
> > http://p.sf.net/sfu/arcsight-sfd2d
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users