[Barnyard-users] Solaris8/Barnyard-beta7 core dump
From: ronm <ro...@mi...> - 2002-06-19 17:01:56
Andrew,
I sent in a problem report on barnyard core dumping a few days ago. Following are more details. All systems are lab boxes so I didn't bother to sanitize the output. By the way, if bribing you with a six pack of your favorite brew might expedite a patch, just let me know where to ship. :-)
Thanks Ron
# uname -a
SunOS sensor3 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-5_10
SNORT config file unified output lines.
# Two arguments are supported.
# filename - base filename to write to (current time_t is appended)
# limit - maximum size of spool file in MB (default: 128)
#
# output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
SNORT startup command line msgs.
# /usr/local/bin/snort -i hme0 -d -c /etc/snort/snort.conf
Log directory = /var/log/snort
Initializing Network Interface hme0
--== Initializing Snort ==--
Decoding Ethernet on interface hme0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
limit == 128
UnifiedLogFilename = snort.log
Opening /var/log/snort/snort.log.1024433373
1073 Snort rules read...
1073 Option Chains linked into 100 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
Rule application order: ->activation->dynamic->alert->pass->log
--== Initialization Complete ==--
-*> Snort! <*-
Version 1.8.7beta6 (Build 121)
By Martin Roesch (ro...@so..., www.snort.org)
BARNYARD config file lines
# dp_alert
# --------------------------
# The dp_alert data processor is capable of reading the alert (event) format
# generated by Snort's spo_unified plug-in. It is used with output plug-ins
# that support the "alert" input type. This plug-in takes no arguments.
processor dp_alert
# dp_log
# ---------------------------
# The dp_log data processor is capable of reading the log format generated
# by Snort's spo_unified plug-in. It is used with output plug-ins
# that support the "log" input type. This plug-in takes no arguments.
processor dp_log
# acid_db
#-------------------------------
# Available as both a log and alert output plugin. Used to output data into
# the db schema used by ACID
# Arguments:
# $db_flavor - what flavor of database (ie, mysql)
# sensor_id $sensor_id - integer sensor id to insert data as
# database $database - name of the database
# server $server - server the database is located on
# user $user - username to connect to the database as
# password $password - password for database authentication
# output alert_acid_db: mysql, sensor_id 3, database snort1, server 192.168.2.10, user root
output log_acid_db: mysql, sensor_id 1, database snort1, server 192.168.2.10, user root, detail full
BARNYARD startup command line msgs
# /usr/local/bin/barnyard -c /etc/snort/barnyard.conf -f snort.log
-*> Barnyard! <*-
Version 0.1.0-beta7 (Build 10)
By Andrew R. Baker (an...@sn...)
and Martin Roesch (ro...@so..., www.snort.org)
Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AcidDb output plugin initialized
AlertCSV initialized
Parsing Config file: /etc/snort/barnyard.conf
Args: mysql, sensor_id 1, database snort1, server 192.168.2.10, user root, detail full
Barnyard Version 0.1.0-beta7 (Build 10) started
AcidDbOpStart
OpAcidDB configuration details
Database Flavour: mysql
Detail Level: Full
Database Server: 192.168.2.10
Database User: root
SensorID: 1
AcidDbOpStart Complete
*****It will pause here until you feed it data then...***
Bus Error - core dumped
GDB output
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
Core was generated by `/usr/local/bin/barnyard -c /etc/snort/barnyard.conf -f snort.log'.
Program terminated with signal 10, Bus Error.
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/local/lib/libmysqlclient.so.10...done.
Loaded symbols for /usr/local/lib/libmysqlclient.so.10
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/lib/libz.so...done.
Loaded symbols for /usr/lib/libz.so
Reading symbols from /usr/lib/libcrypt_i.so.1...done.
Loaded symbols for /usr/lib/libcrypt_i.so.1
Reading symbols from /usr/lib/libgen.so.1...done.
Loaded symbols for /usr/lib/libgen.so.1
Reading symbols from /usr/lib/libm.so.1...done.
Loaded symbols for /usr/lib/libm.so.1
Reading symbols from /usr/local/lib/libgcc_s.so.1...done.
Loaded symbols for /usr/local/lib/libgcc_s.so.1
Reading symbols from /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1...done.
Loaded symbols for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
Reading symbols from /usr/lib/nss_files.so.1...done.
Loaded symbols for /usr/lib/nss_files.so.1
#0 0x19f8c in InsertIPData (op_data=0x37cd8, p=0xffbef690) at op_acid_db.c:406
406 if(snprintf(sql_buffer, MAX_QUERY_SIZE,
(gdb) bt
#0 0x19f8c in InsertIPData (op_data=0x37cd8, p=0xffbef690) at op_acid_db.c:406
#1 0x19ed0 in AcidDbOpLog (context=0x37cd8, data=0x10d8a8) at op_acid_db.c:374
#2 0x176d0 in CallOutputPlugins (list=0x37b88, data=0x10d8a8) at op_plugbase.c:120
#3 0x1df08 in LogDpProcessRecord (data=0x10d8a8, dp=0x3b538) at dp_log.c:229
#4 0x16148 in ProcessSpool (spool_directory=0x3b328 "/var/log/snort", base_filename=0x3b040 "snort.log", first_record=0, timet=1097688) at spool.c:152
#5 0x138a0 in main (argc=5, argv=0xffbefd14) at barnyard.c:115
(gdb)