Friday, April 30

Snort 2.8.6 segfaults

Putting this post up for the people who will Google the error.

If you get an error that looks something like this when you start Snort after upgrading to 2.8.6 from 2.8.5.3 (or whatever):

"segfault at 0 ip b7955947 sp bfa35d70 error 4 in libsf_engine.so.0.0.0[b7953000+8000]"

This means you are running 2.8.5.3 SO rules with the 2.8.6 engine. You need the 2.8.6 rules to run with the 2.8.6 engine.

You can get the rules here: http://www.snort.org/snort-rules

Make sure you read this post too: http://blog.joelesler.net/2010/04/new-vrt-rulepack-changes.html
