Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 37 replies
  • Subscribers 0 subscribers
  • Views 9391 views
  • Users 0 members are here
Options
Suggested

[8.930][BUG] snort Segfault

wingman
Hi All

I got a kernel segfault with 8.930  

2012:04:14-22:15:09 **** kernel: [186834.365915] snort_inline[16586]: segfault at 413dbf52 ip 00000000f6e10fba sp 00000000ffc40be0 error 4 in web-client.so[f6e07000+14000]


During that time snort also restarted 

2012:04:14-10:44:30 ********* snort[16586]: S5: Pruned session from cache that was using 1098944 bytes (closed normally). 192.168.2.5 50721 --> 85.115.22.9 80 (0) : LWstate 0x9 LWFlags 0x60e007

2012:04:14-22:16:05 ********* snort[26454]: Enabling inline operation

2012:04:14-22:16:05 ********* snort[26454]: Running in IDS mode

2012:04:14-22:16:05 ********* snort[26454]: 

2012:04:14-22:16:05 ********* snort[26454]:         --== Initializing Snort ==--


2012:04:14-22:15:25 ********* selfmonng[3541]: I check Failed increment snort_inline_running counter 1 - 3

2012:04:14-22:15:45 ********* selfmonng[3541]: I check Failed increment snort_inline_running counter 2 - 3

2012:04:14-22:16:05 ********* selfmonng[3541]: W check Failed increment snort_inline_running counter 3 - 3

2012:04:14-22:16:05 ********* selfmonng[3541]: Snort not running - restarted

2012:04:14-22:16:05 ********* selfmonng[3541]: W NOTIFYEVENT Name=snort_inline_running Level=INFO Id=115 sent

2012:04:14-22:16:05 ********* selfmonng[3541]: W triggerAction: 'cmd'

2012:04:14-22:16:05 ********* selfmonng[3541]: W actionCmd(+):  '/var/mdw/scripts/snort restart'

2012:04:14-22:16:26 ********* selfmonng[3541]: W child returned status: exit='0' signal='0'


Thanks
Parents Reply Children
  • 0 in reply to RFCat_vk_01
    from kernel log during up2date installation.

    2012:04:30-21:40:01 cats-kingdom modprobe: FATAL: Error inserting padlock_sha (/lib/modules/3.3.2-2.g50edaa1-smp64/kernel/drivers/crypto/padlock-sha.ko): No such device 2012:04:30-21:40:01 cats-kingdom kernel: [   81.185266] padlock_sha: VIA PadLock Hash Engine not detected. 
    2012:04:30-21:40:01 cats-kingdom modprobe: FATAL: Error inserting padlock_sha (/lib/modules/3.3.2-2.g50edaa1-smp64/kernel/drivers/crypto/padlock-sha.ko): No such device
  • 0 in reply to RFCat_vk_01
    from kernel log during up2date installation.

    2012:04:30-21:40:01 cats-kingdom modprobe: FATAL: Error inserting padlock_sha (/lib/modules/3.3.2-2.g50edaa1-smp64/kernel/drivers/crypto/padlock-sha.ko): No such device 2012:04:30-21:40:01 cats-kingdom kernel: [   81.185266] padlock_sha: VIA PadLock Hash Engine not detected. 
    2012:04:30-21:40:01 cats-kingdom modprobe: FATAL: Error inserting padlock_sha (/lib/modules/3.3.2-2.g50edaa1-smp64/kernel/drivers/crypto/padlock-sha.ko): No such device



    Ian that sounds a different issue than the segfault error. Maybe open a new thread?

    Updated

    I have opened a new thread to track this. Please post updates here
  • 0 in reply to wingman
    I got also frequently snort restarts.  

    2012:04:30-20:35:01 firewall kernel: [ 7008.301324] snort_inline[5059]: segfault at 1a3a648a ip 00000000f6bf4fba sp 00000000ff87c720 error 4 in web-client.so[f6beb000+14000]
  • 0 in reply to traxxus_01
    Hi Everyone,

    thanks for your feedback!

    Mantis ID #20981 is still under investigation. We'll let you know if anything develops and thank you for your patience.

    Cheers,
    Cristof
  • 0 in reply to traxxus_01
    I got also frequently snort restarts.  

    2012:04:30-20:35:01 firewall kernel: [ 7008.301324] snort_inline[5059]: segfault at 1a3a648a ip 00000000f6bf4fba sp 00000000ff87c720 error 4 in web-client.so[f6beb000+14000]


    Could you please check the /var/storage/cores/
    directory for any snort core dumps, and then email one of those
    to fwestphal@astaro.com?

    Thanks.
Unfiltered HTML