
Re: [Snort-users] 2.2.0RC1 crash

Old 07-06-2004
sekure
 

System Architecture: Sparc compiled on Sun V120, ran on Ultra 2, dual
processor, 1GB RAM

Operating System and version: Sun Solaris 5.8

Version of Snort: Snort 2.2.0 RC1

What preprocessors you loaded:

preprocessor flow: stats_interval 0 hash 2
preprocessor frag2: timeout 30
preprocessor stream4: disable_evasion_alerts, detect_scans
preprocessor stream4_reassemble
preprocessor http_inspect: global \
iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
profile apache \
ports { 80 8080 } \
no_alerts
preprocessor rpc_decode: 111 32771
preprocessor telnet_decode
preprocessor perfmonitor: time 300 flow events file snort.stats pktcnt 10000

What rules (if any) you were using:
A variety of standard rules, plus some local, but nothing new that
didn't run on 2.1.3. I just changed the symlink to the binary and
restarted snort; all the configs, rules, etc. worked perfectly on 2.1.3.

What output plug-ins you loaded:

output log_tcpdump: tcpdump.log
output alert_fast: alert
output log_unified: filename unified.log, limit 128

What command line switches you were using:
snort -dvezoDi qfe0 -c snort.conf -l /some/log/dir

Any Snort error messages:
Jul 2 11:43:47 inet-ids01 snort[13190]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating C1F bytes! (Length:
2E8)

Hope this helps


On Mon, 5 Jul 2004 23:20:06 -0400, Martin Roesch <roesch@sourcefire.com> wrote:
> Hm. That message is generated when a malloc fails, sounds like the
> Snort process ran itself out of memory? Perhaps we have a memory leak
> or some such. Can you please read the BUGS file and give us a full
> report?
>
> -Marty
>
>
>
> On Jul 2, 2004, at 11:53 AM, sekure wrote:
>
> > I compiled and ran the snort 2.2.0-RC1 binary on Solaris 8, in 32-bit
> > mode.
> >
> > About 5-10 minutes after launching 3 snort processes (I have 3
> > interfaces I am sniffing on), all 3 crash at the exact same time.
> > This happened twice with similar errors....
> >
> > Jul 2 11:43:47 inet-ids01 snort[13190]: [ID 379120 daemon.error]
> > FATAL ERROR: PrintNetData(): Failed allocating C1F bytes! (Length:
> > 2E8)
> > Jul 2 11:43:47 inet-ids01 snort[13170]: [ID 379120 daemon.error]
> > FATAL ERROR: PrintNetData(): Failed allocating 1777 bytes! (Length:
> > 5A8)
> > Jul 2 11:43:47 inet-ids01 snort[13180]: [ID 379120 daemon.error]
> > FATAL ERROR: PrintNetData(): Failed allocating 17B9 bytes! (Length:
> > 5B4)
> >
> > I couldn't find the core files, don't think any were generated.
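
A triage sketch for the three syslog entries quoted above, added here as an example (it is not part of the original thread and not Snort project code). It assumes both numeric fields in the message are hexadecimal, since they contain A-F digits; the sample input is reconstructed from the quoted lines.

```python
import re
from collections import defaultdict

# Constructed sample: the three syslog entries quoted in the thread, kept
# with the line wrapping the mail client introduced.
SAMPLE = """\
Jul 2 11:43:47 inet-ids01 snort[13190]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating C1F bytes! (Length:
2E8)
Jul 2 11:43:47 inet-ids01 snort[13170]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating 1777 bytes! (Length:
5A8)
Jul 2 11:43:47 inet-ids01 snort[13180]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating 17B9 bytes! (Length:
5B4)
"""

ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d+ [\d:]{8}) (?P<host>\S+) snort\[(?P<pid>\d+)\]:"
    r".*?PrintNetData\(\): Failed allocating (?P<alloc>[0-9A-Fa-f]+) bytes! "
    r"\(Length: (?P<length>[0-9A-Fa-f]+)\)"
)

def parse(text):
    """Return one record per allocation failure, with hex fields decoded."""
    flat = " ".join(text.split())          # undo the e-mail line wrapping
    records = []
    for m in ENTRY.finditer(flat):
        records.append({
            "ts": m["ts"], "host": m["host"], "pid": int(m["pid"]),
            # Assumption: both fields are hexadecimal (they contain A-F digits).
            "alloc": int(m["alloc"], 16), "length": int(m["length"], 16),
        })
    return records

def crashes_by_second(records):
    """Group PIDs by timestamp; several PIDs failing in the same second
    point at a shared cause rather than one process's own state."""
    groups = defaultdict(list)
    for r in records:
        groups[r["ts"]].append(r["pid"])
    return dict(groups)

if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(f'{r["ts"]} pid={r["pid"]} requested={r["alloc"]} B '
              f'for length={r["length"]} B')
    print(crashes_by_second(parse(SAMPLE)))
```

Decoded, the failed requests are 3103, 6007 and 6073 bytes for lengths of 744, 1448 and 1460 bytes, so each malloc that failed was only a few kilobytes. That is consistent with the out-of-memory reading in the quoted reply.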


