Hello Gentlemen,<br><br>I am trying to understand the IP reputation mechanism. Could anyone explain or point to a paper?<br>I see this graph here but I can't understand exactly how bad the reputation is just by looking at it.<br>
<a href="http://isc.sans.org/ipinfo.html?ip=202.111.175.157">http://isc.sans.org/ipinfo.html?ip=202.111.175.157</a><br><br>ps: newbie here<br><br><div class="gmail_quote">2010/1/11 <span dir="ltr"><<a href="mailto:oisf-users-request@openinfosecfoundation.org">oisf-users-request@openinfosecfoundation.org</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Today's Topics:<br>
<br>
1. suricata running error (Ihab el Bakri)<br>
2. Re: suricata running error (Will Metcalf)<br>
3. Re: suricata running error (Ihab el Bakri)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Mon, 11 Jan 2010 14:42:38 +0100<br>
From: Ihab el Bakri <<a href="mailto:ihab.elbakri@hotmail.com">ihab.elbakri@hotmail.com</a>><br>
Subject: [Oisf-users] suricata running error<br>
To: <<a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a>><br>
Message-ID: <COL117-W1100EBB4520C6A12ED6B6D996D0@phx.gbl><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
<br>
Hello there ,<br>
I am having trouble running suricata with a rules file; every time I start suricata I get this msg:<br>
<br>
<br>
root@test:~/suricata-current# suricata -c suricata.yaml -i eth1 -c /etc/snort/rules/x11.rules<br>
Warning: Invalid global_log_level assigned by user. Falling back on the default_log_level "Info"<br>
Warning: Invalid global_log_format supplied by user or format length exceeded limit of "128" characters. Falling back on default log_format "[%i] %t - (%f:%l) <%d> (%n) -- "<br>
Warning: Output_interface not supplied by user. Falling back on default_output_interface "Console"<br>
[26040] 11/1/2010 -- 08:39:17 - (suricata.c:425) <Info> (main) -- This is Suricata version 0.8.0<br>
*** glibc detected *** suricata: free(): invalid pointer: 0xb7edc2a1 ***<br>
======= Backtrace: =========<br>
/lib/tls/i686/cmov/libc.so.6[0xb7e1aa85]<br>
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7e1e4f0]<br>
suricata[0x80a725a]<br>
suricata[0x80a741a]<br>
suricata[0x804b2aa]<br>
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7dc5450]<br>
suricata[0x804a961]<br>
Aborted<br>
<br>
Running Ubuntu 8.04 server<br>
<br>
<br>
I will be pleased for any help<br>
<br>
thanks in advance<br>
Ihab El Bakri<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Mon, 11 Jan 2010 07:49:58 -0600<br>
From: Will Metcalf <<a href="mailto:william.metcalf@gmail.com">william.metcalf@gmail.com</a>><br>
Subject: Re: [Oisf-users] suricata running error<br>
To: Ihab el Bakri <<a href="mailto:ihab.elbakri@hotmail.com">ihab.elbakri@hotmail.com</a>><br>
Cc: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Message-ID:<br>
<<a href="mailto:c13e433a1001110549re81d08at2597888d46a3f140@mail.gmail.com">c13e433a1001110549re81d08at2597888d46a3f140@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Well it looks like there is a bug there for sure. Although you are specifying<br>
the configuration file multiple times.<br>
<br>
suricata -c suricata.yaml -i eth1 -c /etc/snort/rules/x11.rules<br>
<br>
should be ....<br>
<br>
suricata -c suricata.yaml -i eth1 -s /etc/snort/rules/x11.rules<br>
<br>
I will check in a bug for the other...<br>
<br>
Regards,<br>
<br>
Will<br>
<br>
<br>
gdb /usr/local/bin/suricata<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Mon, 11 Jan 2010 15:18:31 +0100<br>
From: Ihab el Bakri <<a href="mailto:ihab.elbakri@hotmail.com">ihab.elbakri@hotmail.com</a>><br>
Subject: Re: [Oisf-users] suricata running error<br>
To: <<a href="mailto:william.metcalf@gmail.com">william.metcalf@gmail.com</a>><br>
Cc: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Message-ID: <COL117-W3D43481192FDFDFC0A5D7996D0@phx.gbl><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Thanks a lot, works now!<br>
<br>
mkdir /var/log/suricata<br>
<br>
Is the use of the inline mode analogous to snort_inline?<br>
Is it possible to use suricata for monitoring a multiple Gb/s network without GPU help, running a Quad-Core AMD Opteron 2350 with 4 Gig of RAM, without having network performance leakage?<br>
<br>
<br>
Best regards,<br>
<br>
Ihab<br>
<br>
<br>
Date: Mon, 11 Jan 2010 08:07:04 -0600<br>
Subject: Re: [Oisf-users] suricata running error<br>
From: <a href="mailto:william.metcalf@gmail.com">william.metcalf@gmail.com</a><br>
To: <a href="mailto:ihab.elbakri@hotmail.com">ihab.elbakri@hotmail.com</a><br>
<br>
Yes that is a bad error message that has been fixed in the latest version of the code in the git repo. This means that your log directory doesn't exist.<br>
<br>
mkdir /var/log/suricata<br>
<br>
or use -l to specify a directory where you have write permissions.<br>
<br>
<br>
Regards,<br>
<br>
Will<br>
<br>
On Mon, Jan 11, 2010 at 8:03 AM, Ihab el Bakri <<a href="mailto:ihab.elbakri@hotmail.com">ihab.elbakri@hotmail.com</a>> wrote:<br>
<br>
Tried with suricata -c suricata.yaml -i eth1 -s /etc/snort/rules/x11.rules<br>
another error :<br>
<br>
[26132] 11/1/2010 -- 08:55:34 - (detect.c:2555) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... done<br>
<br>
[26133] 11/1/2010 -- 08:55:34 - (source-pcap.c:235) <Info> (ReceivePcapThreadInit) -- using interface eth1<br>
[26142] 11/1/2010 -- 08:55:34 - (alert-fastlog.c:171) <Error> (AlertFastlogThreadInit) -- [ERRCODE: SC_ERR_FAST_LOG_GENERIC_ERROR(58)] - Error getting context for AlertFastLog. "initdata" argument NULL<br>
<br>
[26143] 11/1/2010 -- 08:55:34 - (alert-unified-log.c:224) <Error> (AlertUnifiedLogThreadInit) -- [ERRCODE: SC_ERR_UNIFIED_LOG_GENERIC_ERROR(60)] - Error getting context for UnifiedLog. "initdata" argument NULL<br>
<br>
[26144] 11/1/2010 -- 08:55:34 - (alert-unified2-alert.c:495) <Error> (Unified2AlertThreadInit) -- [ERRCODE: SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR(63)] - Error getting context for Unified2Alert. "initdata" argument NULL<br>
<br>
[26145] 11/1/2010 -- 08:55:34 - (alert-debuglog.c:198) <Error> (AlertDebuglogThreadInit) -- [ERRCODE: SC_ERR_DEBUG_LOG_GENERIC_ERROR(59)] - Error getting context for DebugLog. "initdata" argument NULL<br>
<br>
Thread "AlertFastlog&Httplog" closed on initialization...<br>
ERROR: Engine initialization failed, aborting...<br>
<br>
Best Regards,<br>
<br>
Ihab<br>
<br>
</blockquote></div><br>