[Oisf-users] Oisf-users Digest, Vol 31, Issue 36
toasty
toastyguy at gmail.com
Tue Jun 19 21:00:44 UTC 2012
In case it helps people - I was using -i eth1 from the command line
and didn't have the
pcap:
- interface: eth1
lines in my suricata.yaml. Adding them, and using --pcap to launch
[instead] seems to fix it for me...
--james
On Tue, Jun 19, 2012 at 9:03 AM,
<oisf-users-request at openinfosecfoundation.org> wrote:
> Send Oisf-users mailing list submissions to
> oisf-users at openinfosecfoundation.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> or, via email, send a message with subject or body 'help' to
> oisf-users-request at openinfosecfoundation.org
>
> You can reach the person managing the list at
> oisf-users-owner at openinfosecfoundation.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Oisf-users digest..."
>
>
> Today's Topics:
>
> 1. Re: segfault with latest suricata version (rev 988c92f) 1.3x
> (Peter Manev)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 19 Jun 2012 10:57:43 +0200
> From: Peter Manev <petermanev at gmail.com>
> Subject: Re: [Oisf-users] segfault with latest suricata version (rev
> 988c92f) 1.3x
> To: Stefan.Sabolowitsch at felten-group.com
> Cc: oisf <oisf-users at openinfosecfoundation.org>
> Message-ID:
> <CAMhe82KZ1gKkgpTvyRXD8-WvadeMdC9=1KkS=Gc9RDDw-=bErQ at mail.gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> Stefan thank you for your help.
> Would you please post a bug for this
> https://redmine.openinfosecfoundation.org/projects/suricata/issues
>
> with a good explanation.
>
> thank you
>
>
> On Tue, Jun 19, 2012 at 10:55 AM, Stefan Sabolowitsch <
> Stefan.Sabolowitsch at felten-group.com> wrote:
>
>> Hi Peter,
>> It's definitely this commit "bd3a655aeb8975ae8c51a02213d40bf21047f5e9" with
>> pcap changes.
>> With this pcap changes i get directly a segfault.
>> I have tested all commits from beta2 to this problem commit.
>>
>> Stefan
>>
>> Am 19.06.2012 um 09:48 schrieb Peter Manev:
>>
>> here is some good info for the git commands:
>> http://www.siteground.com/tutorials/git/commands.htm
>>
>> but you would need "git log" and "git checkout" mostly , after you have
>> done the
>> "git clone git://phalanx.openinfosecfoundation.org/oisf.git"
>>
>> This could be long and tenacious, but thank you very much for your
>> efforts!!
>>
>>
>> On Tue, Jun 19, 2012 at 9:42 AM, Stefan Sabolowitsch <
>> Stefan.Sabolowitsch at felten-group.com> wrote:
>>
>>> no Peter...
>>> but i can test the individual branches, master, updates.
>>> May we find the errors faster.
>>> How i do that with git?
>>>
>>>
>>>
>>> Am 19.06.2012 um 09:33 schrieb Peter Manev:
>>>
>>> are you using Napatech or Myricom?
>>>
>>> On Tue, Jun 19, 2012 at 9:24 AM, Stefan Sabolowitsch <
>>> Stefan.Sabolowitsch at felten-group.com> wrote:
>>>
>>>> Hi Peter,
>>>> I had no problem before version beta2, this machine run more with 3
>>>> months without any problem.
>>>> I think the problems have started from the 11.06.12
>>>>
>>>> Maybe this is the problem:
>>>> suricata-1.3beta2-11-g988c92f
>>>>
>>>> - Log -----------------------------------------------------------------
>>>> commit bd3a655aeb8975ae8c51a02213d40bf21047f5e9
>>>> Author: Victor Julien <victor at inliniac.net>
>>>> Date: Sun May 20 12:12:42 2012 +0200
>>>>
>>>> Add pcap workers mode.
>>>>
>>>> Some cards like Napatech or Myricom support libpcap wrappers that allow for
>>>> multiple streams, queues, ringbuffers. The workers mode can be of use in
>>>> those cases.
>>>>
>>>> -----------------------------------------------------------------------
>>>>
>>>> Summary of changes:
>>>> src/runmode-pcap.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++----
>>>> src/source-pcap.h | 2 +
>>>> 2 files changed, 77 insertions(+), 6 deletions(-)
>>>>
>>>>
>>>> thx
>>>> Stefan
>>>>
>>>> Am 19.06.2012 um 09:09 schrieb Peter Manev:
>>>>
>>>> Hi Stefan,
>>>>
>>>> so this problem is only on beta1? , you never have had that problem with
>>>> beta2? correct?
>>>>
>>>> thanks
>>>>
>>>> On Tue, Jun 19, 2012 at 9:06 AM, Stefan Sabolowitsch <
>>>> Stefan.Sabolowitsch at felten-group.com> wrote:
>>>>
>>>>> Hi all,
>>>>> any news here ? you need any information or help from my (debug etc.) ?
>>>>> Actually i run without any problem on beta2.
>>>>>
>>>>> thx
>>>>> Stefan
>>>>>
>>>>> Am 16.06.2012 um 18:21 schrieb Eric Leblond:
>>>>>
>>>>> Oups. I forgot one step. After getting gdb shell. Use the run command
>>>>> (without any arguments)
>>>>>
>>>>> BR.
>>>>>
>>>>> Stefan Sabolowitsch <Stefan.Sabolowitsch at felten-group.com> a ?crit :
>>>>>
>>>>> Hmmm, sorry Eric but I need a little more help.****
>>>>>
>>>>> ** **
>>>>>
>>>>> When I take this here:****
>>>>>
>>>>> ** **
>>>>>
>>>>> [root at ipd1 bin]# gdb --args ./suricata --user sguil --group sguil -c
>>>>> /etc/nsm/Serrig-intern/suricata.yaml -F /etc/nsm/Serrig-intern/bpf.filt -i
>>>>> br0 -l /nsm/sensor_data/Serrig-intern****
>>>>>
>>>>> GNU gdb (GDB) Red Hat Enterprise Linux (7.2-50.el6)****
>>>>>
>>>>> Copyright (C) 2010 Free Software Foundation, Inc.****
>>>>>
>>>>> License GPLv3+: GNU GPL version 3 or later <
>>>>> http://gnu.org/licenses/gpl.html>****
>>>>>
>>>>> This is free software: you are free to change and redistribute it.****
>>>>>
>>>>> There is NO WARRANTY, to the extent permitted by law. Type "show
>>>>> copying"****
>>>>>
>>>>> and "show warranty" for details.****
>>>>>
>>>>> This GDB was configured as "x86_64-redhat-linux-gnu".****
>>>>>
>>>>> For bug reporting instructions, please see:****
>>>>>
>>>>> <http://www.gnu.org/software/gdb/bugs/>...****
>>>>>
>>>>> Reading symbols from /usr/local/bin/suricata...done.****
>>>>>
>>>>> (gdb)****
>>>>>
>>>>> ** **
>>>>>
>>>>> But nothing chrashes****
>>>>>
>>>>> ** **
>>>>>
>>>>> When i take this cmdline without ?gdb ?args?, suricata crashes directly.
>>>>> ****
>>>>>
>>>>> What do I wrong here with gdb ?? ****
>>>>>
>>>>> ** **
>>>>>
>>>>> *Von:* Eric Leblond [mailto:eric at regit.org]
>>>>> *Gesendet:* Samstag, 16. Juni 2012 17:42
>>>>> *An:* Stefan Sabolowitsch
>>>>> *Cc:* Peter Manev; oisf
>>>>> *Betreff:* Re: [Oisf-users] segfault with latest suricata version (rev
>>>>> 988c92f) 1.3x****
>>>>>
>>>>> ** **
>>>>>
>>>>> hello
>>>>>
>>>>> Can you run it in gdb qnd send us a backtrace.
>>>>> You can do it by running
>>>>> gdb --args mysuricatacmdline
>>>>> Then when it crashes do
>>>>> bt
>>>>> And send us the result.
>>>>>
>>>>> BR
>>>>>
>>>>> Stefan Sabolowitsch <Stefan.Sabolowitsch at felten-group.com> a ?crit :***
>>>>> *
>>>>>
>>>>> Hi Peter, thanks for your fast answer.****
>>>>>
>>>>> I use the ?-i? parameter for the interface, look here:****
>>>>>
>>>>> Executing: suricata --user sguil --group sguil -c
>>>>> /etc/nsm/Serrig-intern/suricata.yaml -F /etc/nsm/Serrig-intern/bpf.filt -i
>>>>> br0 -l /nsm/sensor_data/Serrig-intern****
>>>>>
>>>>> Executing: suricata --user sguil --group sguil -c
>>>>> /etc/nsm/Serrig-DMZ/suricata.yaml -F /etc/nsm/Serrig-DMZ/bpf.filt -i br1 -l
>>>>> /nsm/sensor_data/Serrig-DMZ****
>>>>>
>>>>> ****
>>>>>
>>>>> And i compile with this parameter (Centos 6.0 64bit)****
>>>>>
>>>>> ./autogen.sh****
>>>>>
>>>>> ./configure --enable-pcre-jit****
>>>>>
>>>>> ****
>>>>>
>>>>> Version 1.3beta worked for two months without any problem, also version
>>>>> beta2. But then the problems started.****
>>>>>
>>>>> ****
>>>>>
>>>>> My last test?****
>>>>>
>>>>> Jun 16 17:14:46 ipd1 kernel: device br0 entered promiscuous mode****
>>>>>
>>>>> Jun 16 17:14:46 ipd1 sancp: started normally****
>>>>>
>>>>> Jun 16 17:14:53 ipd1 sancp: Retrieved last connection ID:
>>>>> 5754608452622280998 8 0****
>>>>>
>>>>> Jun 16 17:14:53 ipd1 kernel: device br1 entered promiscuous mode****
>>>>>
>>>>> Jun 16 17:14:53 ipd1 sancp: started normally****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr034[14337]: segfault at 21 ip
>>>>> 0000000000000021 sp 00007fb5e75fcce8 error 14****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr038[14341]: segfault at 21 ip
>>>>> 0000000000000021 sp 00007fb5e4df8ce8 error 14 in suricata[400000+179000]
>>>>> ****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: in suricata[400000+179000]****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr027[14330]: segfault at 21 ip
>>>>> 0000000000000021 sp 00007fb6275fcce8 error 14****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr025[14328]: segfault at 21 ip
>>>>> 0000000000000021 sp 00007fb62cdf8ce8 error 14****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr029[14332]: segfault at 21 ip
>>>>> 0000000000000021 sp 00007fb6261face8 error 14****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr031[14334]: segfault at 21 ip
>>>>> 0000000000000021 sp 00007fb61d71ece8 error 14 in suricata[400000+179000]
>>>>> ****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr010[14313]: segfault at 21 ip
>>>>> 0000000000000021 sp 00007fb63e8dfce8 error 14 in suricata[400000+179000]
>>>>> ****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: in suricata[400000+179000]****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: in suricata[400000+179000]****
>>>>>
>>>>> Jun 16 17:14:59 ipd1 kernel: in suricata[400000+179000]****
>>>>>
>>>>> ****
>>>>>
>>>>> ****
>>>>>
>>>>> ****
>>>>>
>>>>> *Von:* Peter Manev [mailto:petermanev at gmail.com]
>>>>> *Gesendet:* Samstag, 16. Juni 2012 15:46
>>>>> *An:* Stefan Sabolowitsch
>>>>> *Cc:* oisf-users at openinfosecfoundation.org
>>>>> *Betreff:* Re: [Oisf-users] segfault with latest suricata version (rev
>>>>> 988c92f) 1.3x****
>>>>>
>>>>> ****
>>>>>
>>>>> Hi Stefan,
>>>>> Have you specified " interface br0" in the yaml conf file:****
>>>>>
>>>>> pcap:
>>>>> *- interface: br0*
>>>>> #buffer-size: 32768
>>>>> #bpf-filter: "tcp and port 25"
>>>>> # Choose checksum verification mode for the interface. At the moment
>>>>> # of the capture, some packets may be with an invalid checksum due
>>>>> to
>>>>> # offloading to the network card of the checksum com****
>>>>>
>>>>>
>>>>> How did you compile Suricata?
>>>>>
>>>>> Thanks****
>>>>>
>>>>> On Sat, Jun 16, 2012 at 2:13 PM, Stefan Sabolowitsch <
>>>>> Stefan.Sabolowitsch at felten-group.com> wrote:****
>>>>>
>>>>> Hi all,****
>>>>>
>>>>> i have with the latest suricata Version (rev 988c92f) a segfault, never
>>>>> seen before ?beta2?. ****
>>>>>
>>>>> ****
>>>>>
>>>>> Any help ?****
>>>>>
>>>>> ****
>>>>>
>>>>> Thx****
>>>>>
>>>>> Stefan****
>>>>>
>>>>> ****
>>>>>
>>>>> -#-#-#- snipp #-#-#-#-#****
>>>>>
>>>>> Jun 16 13:55:49 ipd1 kernel: device br0 left promiscuous mode****
>>>>>
>>>>> Jun 16 13:55:49 ipd1 kernel: device br1 left promiscuous mode****
>>>>>
>>>>> Jun 16 13:55:49 ipd1 sancp: Exiting****
>>>>>
>>>>> Jun 16 13:55:50 ipd1 sancp: Exiting****
>>>>>
>>>>> Jun 16 13:56:41 ipd1 sancp: Retrieved last connection ID:
>>>>> 5754602263574629554 8 0****
>>>>>
>>>>> Jun 16 13:56:41 ipd1 kernel: device br0 entered promiscuous mode****
>>>>>
>>>>> Jun 16 13:56:41 ipd1 sancp: started normally****
>>>>>
>>>>> Jun 16 13:56:53 ipd1 kernel: RxPcapbr010[10498]: segfault at 21 ip
>>>>> 0000000000000021 sp 00007ff755148ce8 error 14****
>>>>>
>>>>> Jun 16 13:56:53 ipd1 kernel: RxPcapbr05[10493]: segfault at 21 ip
>>>>> 0000000000000021 sp 00007ff75a23bce8 error 14 in suricata[400000+179000]
>>>>> ****
>>>>>
>>>>> Jun 16 13:56:53 ipd1 kernel: in suricata[400000+179000]****
>>>>>
>>>>> Jun 16 13:56:53 ipd1 kernel: RxPcapbr06[10494]: segfault at 21 ip
>>>>> 0000000000000021 sp 00007ff75983ace8 error 14 in suricata[400000+179000]
>>>>> ****
>>>>>
>>>>> Jun 16 13:56:58 ipd1 sancp: Retrieved last connection ID:
>>>>> 5754602263574929436 8 0****
>>>>>
>>>>> Jun 16 13:56:58 ipd1 kernel: device br1 entered promiscuous mode****
>>>>>
>>>>> Jun 16 13:56:58 ipd1 sancp: started normally****
>>>>>
>>>>> -#-#-#-#-snapp-+-+-+-+-+-****
>>>>>
>>>>> ****
>>>>>
>>>>> And I found this in the logfile:****
>>>>>
>>>>> ****
>>>>>
>>>>> [10493] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10493] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10489] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10489] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10492] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10491] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10494] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10491] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10494] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10490] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10492] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10495] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10495] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10490] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10496] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10496] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10498] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10498] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10501] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10501] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10499] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10499] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10500] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10500] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10497] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10502] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10497] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10502] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10503] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10503] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10505] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10505] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10504] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10504] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10507] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10507] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10506] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10506] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10509] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10509] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10508] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10508] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10510] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10510] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10511] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10511] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10512] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10512] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10513] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10513] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10514] 16/6/2012 -- 13:56:53 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10514] 16/6/2012 -- 13:56:53 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10515] 16/6/2012 -- 13:56:53 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10516] 16/6/2012 -- 13:56:53 - (source-pcap.c:353) <Info>
>>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>>
>>>>> [10515] 16/6/2012 -- 13:56:53 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10516] 16/6/2012 -- 13:56:53 - (source-pcap.c:358) <Info>
>>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>>> interface state will require 1000 packets.****
>>>>>
>>>>> [10517] 16/6/2012 -- 13:56:53 - (source-pcap.c:348) <Error>
>>>>> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] - Unable to
>>>>> find Live device****
>>>>>
>>>>> [10518] 16/6/2012 -- 13:56:53 - (source-pcap.c:348) <Error>
>>>>> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] - Unable to
>>>>> find Live device****
>>>>>
>>>>> [10520] 16/6/2012 -- 13:56:53 - (source-pcap.c:348) <Error>
>>>>> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] - Unable to
>>>>> find Live device****
>>>>>
>>>>> [10519] 16/6/2012 -- 13:56:53 - (source-pcap.c:348) <Error>
>>>>> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] - Unable to
>>>>> find Live device****
>>>>>
>>>>> ****
>>>>>
>>>>> ****
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Oisf-users mailing list
>>>>> Oisf-users at openinfosecfoundation.org
>>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users****
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -- ****
>>>>>
>>>>> Regards,****
>>>>>
>>>>> Peter Manev****
>>>>>
>>>>> ****
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Peter Manev
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Peter Manev
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Peter Manev
>>
>>
>>
>
>
> --
> Regards,
> Peter Manev
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120619/67031e13/attachment.html
>
> ------------------------------
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
> End of Oisf-users Digest, Vol 31, Issue 36
> ******************************************
More information about the Oisf-users
mailing list