OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [Snort-users] segfault - how to troubleshoot

From: Doug Burks (doug.burksgmail.com)
Date: Tue Jan 31 2012 - 12:54:11 CST

It happened at 7:01, which is the time of our daily cronjob in
Security Onion to run PulledPork and restart Snort. I'll look into
it.

Thanks,
Doug

On Tue, Jan 31, 2012 at 1:16 PM, Russ Combs <rcombssourcefire.com> wrote:
>
>
> On Tue, Jan 31, 2012 at 12:53 PM, Mark W. Jeanmougin
> <mark.jeanmougincchmc.org> wrote:
>>
>> On 01/31/2012 11:56 AM, Joe S wrote:
>> > Any recommendation on how to troubleshoot? Snort was running for 22
>> > hours.
>>
>> Was a core dump generated?
>>
>> To see if core dumps are enabled, run "ulimit -a". The top line is for
>> "core file size". If it is set to zero, then you won't get one.
>>
>> Running "ulimit -c unlimited" before you start snort will enable them.
>
>
> Also, the core will be more informative if you can build with ./configure
> --enable-debug.  If you use gcc, that will still produced optimized code so
> the performance hit shouldn't be too much.
>
> What happened 22 hours ago?  Did you reconfigure or load new rules?  Any new
> so rules?
>>
>>
>> MJ
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Keep Your Developer Skills Current with LearnDevNow!
>> The most comprehensive online learning library for Microsoft developers
>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>> Metro Style Apps, more. Free future releases when you subscribe now!
>> http://p.sf.net/sfu/learndevnow-d2d
>> _______________________________________________
>> Snort-users mailing list
>> Snort-userslists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort
>> news!
>
>
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!

--
Doug Burks
SANS GSE and Community Instructor
Security Onion | http://securityonion.blogspot.com
President, Greater Augusta ISSA | http://augusta.issa.org
Please vote for Security Onion for 2011 Toolsmith Tool of the Year! |
http://goo.gl/PwTDi

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!