RE: [Snort-users] SEGV fault with Solaris 9/Snort 2.6.0RC1

I have found a work-around to the problem....

It turns out that unless I specify the interface name on the command line, 
pv.interface was being set to 0x0, ie the NULL pointer. This in turned caused 
escapedInterfaceName to also be set to NULL.

When I specify "-i hme0" on the command line, then pv.interface gets set, and 
everyone downstream is happy; snort starts up, and alerts are getting logged to 
the database.



-----Original Message-----
From:   Justin Heath [mailto:jheath@sourcefire.com]
Sent:   Tue 04/25/2006 10:44 AM
To:     snort-users@lists.sourceforge.net
Cc:     Miner, Jonathan W (CSC) (US SSA); snort-beta@sourcefire.com
Subject:        Re: [Snort-users] SEGV fault with Solaris 9/Snort 2.6.0RC1

2.6 requires a schema change so you will need to update that if you have not 
done so already. If you still see the issue after updating the schema add 
--enable-debug to your configure arguments and send in the stack trace.


Thanks,
Justin Heath

On Tuesday 25 April 2006 09:41, Miner, Jonathan W (CSC) (US SSA) wrote:
> Hi -
>
> I'm just starting to test version 2.6.0RC, and I'm getting a SEGV when
> trying to parse the "output directive" in my snort.conf file.
>
> /var/adm/messages:
>
> Apr 24 16:14:43 outcast snort[11235]: [ID 702911 daemon.notice] ***
> Apr 24 16:14:43 outcast snort[11235]: [ID 702911 daemon.notice] *** Snort
> caught a SEGV exception, shutting down. Apr 24 16:14:43 outcast
> snort[11235]: [ID 702911 daemon.notice] *** SEGV caught while parsing
> '../rules/snort.conf' at line 684.
>
> Output from `cat -n snort.conf`:
>
>      1  #--------------------------------------------------
>      2  #   http://www.snort.org     Snort current Ruleset
>      3  #     Contact: snort-sigs@lists.sourceforge.net
>      4  #--------------------------------------------------
>      5  # $Id: snort.conf,v 1.165 2006/03/15 18:56:59 ssturges Exp $
> .
> .
> .
>    679  # database: log to a variety of databases
>    680  # ---------------------------------------
>    681  # See the README.database file for more information about
> configuring 682  # and using this plugin.
>    683  #
>    684  output database: log, mysql, user=snort password=AbCdE@fGh
> dbname=snort host=localhost 685  # output database: alert, postgresql,
> user=snort dbname=snort
>
> This is exact same syntax I've used with version 2.4.3, and I'm using the
> snort.conf file that came with the 2.6.0RC1 tar file.  Changing the
> password to something invalid still results in the SEGV.
>
> What am I missing?
>
>
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier Download IBM WebSphere Application Server v.1.0.1 based on Apache
> Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list