[Oisf-devel] Suricata latest git version: core dump.

Anoop Saldanha anoopsaldanha at gmail.com
Mon Apr 23 14:49:09 UTC 2012


On Mon, Apr 23, 2012 at 7:56 PM, Marcos Rodriguez
<marcos.e.rodriguez at gmail.com> wrote:
> Hi Everyone,
>
> I just got a core dump with Suricata during testing.  I have attached the
> backtrace and I have a core file, but it's 11GB!  :o)
>
> I'm using the latest development version, and am running on RHEL 5.7 with a
> DAG 7.5G4.  I only have one rule enabled, and Suricata's snarfing files like
> crazy (good thing).
>
> alert http any any -> any any (msg: "EXE Detected over HTTP 1"; filemagic:"executable for MS Windows"; fileext:"exe"; filestore; sid: 2000000; rev:1;)
>
> I'm sure I'm missing something, but please let me know if you need
> additional data.   Anything you want me to do with the core file, just let
> me know.
>
> Thanks!
>
> marcos
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel

Can you send a bt full from the core dump?

-- 
Anoop Saldanha


