[Oisf-users] Segmentation fault (core dumped) when setting configuration value with commandline arguments

Tom DeCanio decanio.tom at gmail.com
Tue Jan 5 15:29:47 UTC 2016


I've encountered this one as well.  Never reported it.  A bit of digging
seemed to indicate that setting outputs from the command line doesn't work
for whatever reason I never got to the bottom of.

gdb --args suricata -c /usr/local/etc/suricata/suricata.yaml -i eth0 --set logging.outputs.file.enabled=yes --set logging.outputs.filename=/tmp/suricata.log --set logging.outputs.format=json
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from suricata...done.
(gdb) run
Starting program: /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata.yaml -i eth0 --set logging.outputs.file.enabled=yes --set logging.outputs.filename=/tmp/suricata.log --set logging.outputs.format=json
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[27736] 5/1/2016 -- 07:27:22 - (conf-yaml-loader.c:239) <Info> (ConfYamlParse) -- Including configuration file /usr/local/etc/suricata/rules/rules.yaml.

Program received signal SIGSEGV, Segmentation fault.
__strcmp_sse2_unaligned ()
    at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:30
30    ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S: No such file or directory.
(gdb) bt
#0  __strcmp_sse2_unaligned ()
    at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:30
#1  0x000000000047a8f1 in ConfNodeLookupChild (node=0x990450, name=0x0)
    at conf.c:726
#2  0x0000000000654b20 in SCLogLoadConfig (daemon=0, verbose=0)
    at util-debug.c:1300
#3  0x0000000000632476 in main (argc=11, argv=0x7fffffffe328)
    at suricata.c:2331
(gdb)


On Tue, Jan 5, 2016 at 7:01 AM, Peter Manev <petermanev at gmail.com> wrote:

> On Tue, 2016-01-05 at 15:08 +0100, Andreas Moe wrote:
> > I tried changing this now, and creating the
> > directory /var/log/suricata/core. But still no dump. Running with sudo
> > i get just "Segmentation fault", without sudo i get "Segmentation
> > fault (core dumped)", but no core dump.
>
> Do you have the right permissions for the folder (if you are running
> suri under a diff user?)
>
> >
> > 2016-01-05 14:56 GMT+01:00 Peter Manev <petermanev at gmail.com>:
> >         On Tue, 2016-01-05 at 14:52 +0100, Andreas Moe wrote:
> >         > I tried this: suricata -c /etc/suricata/suricata.yaml -i
> >         eth0 --set
> >         > logging.outputs.file.enabled=yes --set
> >         > logging.outputs.filename=/tmp/suricata.log --set
> >         > logging.outputs.format=json
> >         > And i got a "Segmentation fault (core dumped)".
> >         >
> >         >
> >         > System:
> >         > - Linux localhost.localdomain 4.2.6-301.fc23.x86_64 #1 SMP
> >         Fri Nov 20
> >         > 22:22:41 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
> >         > - Fedora release 23 (Twenty Three)
> >         > - Suricata 3.0dev (rev 44a444b)
> >         >
> >         >
> >         > Btw any tips on finding the core dump file? The docs
> >         >
> >         (
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs)
> say it should be in "the current working directory of Suricata". I checked
> my current working dir when i ran the command, /var/log/suricata,
> /etc/suricata, and so on, but did not find it.
> >
> >         In suricata.yaml - the default daemon section should look like
> >         this (if
> >         you have not changed it).
> >
> >         # Daemon working directory
> >         # Suricata will change directory to this one if provided
> >         # Default: "/"
> >
> >         If you keep the defaults it should drop the core there - "/".
> >
> >         On some installations of mine i have set it up as  -
> >         daemon-directory: "/var/log/suricata/core" - and if there is a
> >         core it
> >         gets dropped there.
> >
> >
> >         >
> >         >
> >         > /AndreasM
> >         > _______________________________________________
> >         > Suricata IDS Users mailing list:
> >         oisf-users at openinfosecfoundation.org
> >         > Site: http://suricata-ids.org | Support:
> >         http://suricata-ids.org/support/
> >         > List:
> >
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >         > Suricata User Conference November 4 & 5 in Barcelona:
> >         http://oisfevents.net
> >
> >         --
> >         Regards,
> >         Peter Manev
> >
> >
> >
>
> --
> Regards,
> Peter Manev
>
>
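
The backtrace at the top of this message shows a child lookup called with `name=0x0` faulting inside `strcmp`. The block below is an added example, not code from this thread or from Suricata: it models that pattern with a hypothetical `struct node` and shows a lookup that treats a NULL key as "not found". It assumes the caller keys the lookup on a node value that is unset for entries created with `--set`; the thread does not confirm that root cause.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical config node; not Suricata's ConfNode. */
struct node {
    const char *name;
    const char *val;     /* NULL when the node only holds children */
    struct node *child;  /* first child */
    struct node *next;   /* next sibling */
};
/* Unhardened: name == NULL reaches strcmp() and faults there. */
struct node *lookup_child_unsafe(struct node *n, const char *name)
{
    for (struct node *c = n->child; c != NULL; c = c->next)
        if (strcmp(c->name, name) == 0)
            return c;
    return NULL;
}

/* Hardened: a NULL node, NULL key or unnamed child means "not found". */
struct node *lookup_child(struct node *n, const char *name)
{
    if (n == NULL || name == NULL)
        return NULL;
    for (struct node *c = n->child; c != NULL; c = c->next)
        if (c->name != NULL && strcmp(c->name, name) == 0)
            return c;
    return NULL;
}

/* Assumed caller: keys the lookup on each entry's val; counts usable entries. */
int count_outputs(struct node *outputs)
{
    int usable = 0;
    for (struct node *e = outputs ? outputs->child : NULL; e != NULL; e = e->next)
        if (lookup_child(e, e->val) != NULL)
            usable++;
    return usable;
}

/* Constructed sample: one entry with a val, one --set-style entry without. */
int demo(void)
{
    struct node enabled = { "enabled", "yes", NULL, NULL };
    struct node set_ent = { "file", NULL, &enabled, NULL };
    struct node console = { "console", NULL, NULL, NULL };
    struct node yaml_ent = { "0", "console", &console, &set_ent };
    struct node outputs = { "outputs", NULL, &yaml_ent, NULL };
    return count_outputs(&outputs);
}
```

With the hardened lookup the entry that has no value is skipped instead of crashing the process at startup; `lookup_child_unsafe` is kept only for comparison and is never called.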