Menu
▾
▴
Re: [Snort-inline-users] snort_inline segfault with enabled database output plugin
|
From: Rob M. <ro...@ho...> - 2004-05-04 01:13:27
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Do you have gdb on your system? If so, can you run this and send the output to the list? gdb snort_inline at the prompt, run -v -Q -U -y -t /var/snort_inline -l /var/snort_inline/log -c /var/snort_inline/etc/rules/snort.conf once you get the segfault, bt This will help me figure out what is causing the problem. Thanks, Rob On Mon, 3 May 2004, Joe Hickory wrote: > hi list, > > i can't find an answer anywhere, maybe i have the wrong keywords... > i'm using snort_inline 2.1.2. everything works fine, without database output > plugin enabled. > i started snort_inline with the following command: > /usr/local/bin/snort_inline -v -D -Q -U -y -t /var/snort_inline -l > /var/snort_inline/log -c /var/snort_inline/etc/rules/snort.conf > > i don't think the chroot is the problem because without chroot, snort_inline > segfaults also. > > this is the end of the output i get when i start snort manually without -D : > > telnet_decode arguments: > Ports to decode telnet on: 21 23 25 119 > database: compiled support for ( mysql ) > database: configured to use mysql > database: user = acid > database: password is set > database: database name = acid > database: host = localhost > database: sensor name = honeyhost > Segmentation fault > > this is the database plugin line within my configfile: > output database: alert, mysql user=acid password=password dbname=acid > host=localhost sensor_name=honeyhost > > i used the create_mysql script in the contrib subdir to create the database. > mysql> select * from schema; > +------+---------------------+ > | vseq | ctime | > +------+---------------------+ > | 106 | 2004-05-03 11:50:53 | > +------+---------------------+ > 1 row in set (0.00 sec) > > hope that's enough info. would be great to get a hint. > > thanks > joe > > > -- > "Sie haben neue Mails!" - Die GMX Toolbar informiert Sie beim Surfen! > Jetzt aktivieren unter http://www.gmx.net/info > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFAlvk4+cDJj70ouN0RAhtEAJwKBWVUrKBFwGM+X0H07YIUTVlZ5gCg1R67 HlCtPQUEpM5C1G01Vdpqx/8= =a2RX -----END PGP SIGNATURE----- |
