Re: [Snort-users] 2.2.0RC1 crash

From: sekure (sekuregmail.com)
Date: Tue Jul 06 2004 - 08:01:27 CDT


System Architecture: Sparc compiled on Sun V120, ran on Ultra 2, dual
processor, 1GB RAM

Operating System and version: Sun Solaris 5.8

Version of Snort: Snort 2.2.0 RC1

What preprocessors you loaded:

preprocessor flow: stats_interval 0 hash 2
preprocessor frag2: timeout 30
preprocessor stream4: disable_evasion_alerts, detect_scans
preprocessor stream4_reassemble
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
    profile apache \
    ports { 80 8080 } \
    no_alerts
preprocessor rpc_decode: 111 32771
preprocessor telnet_decode
preprocessor perfmonitor: time 300 flow events file snort.stats pktcnt 10000

What rules (if any) you were using:
A variety of standard rules, plus some local, but nothing new that
didn't run on 2.1.3. I just changed the symlink to the binary and
restarted snort, all the configs, rules, etc worked perfectly on 2.1.3

What output plug-ins you loaded:

output log_tcpdump: tcpdump.log
output alert_fast: alert
output log_unified: filename unified.log, limit 128

What command line switches you were using:
snort -dvezoDi qfe0 -c snort.conf -l /some/log/dir

Any Snort error messages:
Jul 2 11:43:47 inet-ids01 snort[13190]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating C1F bytes! (Length:
2E8)

Hope this helps

On Mon, 5 Jul 2004 23:20:06 -0400, Martin Roesch <roeschsourcefire.com> wrote:
> Hm. That message is generated when a malloc fails, sounds like the
> Snort process ran itself out of memory? Perhaps we have a memory leak
> or some such. Can you please read the BUGS file and give us a full
> report?
>
> -Marty
>
>
>
> On Jul 2, 2004, at 11:53 AM, sekure wrote:
>
> > I compiled and ran the snort 2.2.0-RC1 binary on Solaris 8, in 32-bit
> > mode.
> >
> > About 5-10 minutes after launching 3 snort processes (I have 3
> > interfaces I am sniffing on), all 3 crash at the exact same time.
> > This happened twice with similar errors....
> >
> > Jul 2 11:43:47 inet-ids01 snort[13190]: [ID 379120 daemon.error]
> > FATAL ERROR: PrintNetData(): Failed allocating C1F bytes! (Length:
> > 2E8)
> > Jul 2 11:43:47 inet-ids01 snort[13170]: [ID 379120 daemon.error]
> > FATAL ERROR: PrintNetData(): Failed allocating 1777 bytes! (Length:
> > 5A8)
> > Jul 2 11:43:47 inet-ids01 snort[13180]: [ID 379120 daemon.error]
> > FATAL ERROR: PrintNetData(): Failed allocating 17B9 bytes! (Length:
> > 5B4)
> >
> > I couldn't find the core files, don't think any were generated.
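
A triage helper for the syslog entries quoted in this thread, added here as an example (not code from the posters or the Snort project): it unwraps the entries, decodes the two sizes, and groups the failures by host and second. The function names are hypothetical, and the sizes are assumed to be hexadecimal.

```python
import re
from collections import defaultdict

# Constructed input: the three syslog entries quoted in the thread, kept with
# the line wrapping the mail archive shows.
SAMPLE = """\
Jul 2 11:43:47 inet-ids01 snort[13190]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating C1F bytes! (Length:
2E8)
Jul 2 11:43:47 inet-ids01 snort[13170]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating 1777 bytes! (Length:
5A8)
Jul 2 11:43:47 inet-ids01 snort[13180]: [ID 379120 daemon.error]
FATAL ERROR: PrintNetData(): Failed allocating 17B9 bytes! (Length:
5B4)
"""

# Solaris syslog prefix followed by the Snort fatal message, after unwrapping.
ENTRY = re.compile(
    r"(?P<ts>\w{3} \d+ [\d:]{8}) (?P<host>\S+) snort\[(?P<pid>\d+)\]: "
    r"\[ID \d+ [\w.]+\] FATAL ERROR: PrintNetData\(\): "
    r"Failed allocating (?P<alloc>[0-9A-Fa-f]+) bytes! "
    r"\(Length: (?P<length>[0-9A-Fa-f]+)\)"
)

def parse_failures(text):
    """Return one record per allocation failure, with sizes as decimal ints."""
    flat = " ".join(text.split())  # undo wrapping and collapse whitespace
    return [
        {
            "ts": m["ts"], "host": m["host"], "pid": int(m["pid"]),
            # Assumption: both numbers are hexadecimal (C1F, 2E8 contain letters).
            "alloc_bytes": int(m["alloc"], 16),
            "payload_len": int(m["length"], 16),
        }
        for m in ENTRY.finditer(flat)
    ]

def simultaneous_crashes(failures):
    """Map each (host, timestamp) to the PIDs that died in that second, if >1."""
    by_second = defaultdict(list)
    for f in failures:
        by_second[(f["host"], f["ts"])].append(f["pid"])
    return {k: sorted(v) for k, v in by_second.items() if len(v) > 1}

if __name__ == "__main__":
    for f in parse_failures(SAMPLE):
        print(f)
    print(simultaneous_crashes(parse_failures(SAMPLE)))
```

On the quoted entries the failed requests decode to 3103, 6007 and 6073 bytes against Length values of 744, 1448 and 1460, so each failure is a request of a few kilobytes rather than an oversized one.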
