Your message dated Sun, 03 May 2009 23:32:15 +0000
with message-id <[email protected]>
and subject line Bug#449568: fixed in snort 2.7.0-25
has caused the Debian Bug report #449568,
regarding snort-mysql: Loses connection to database if too few events occur
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
449568: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449568
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: snort-mysql
Version: 2.7.0-6
Severity: important
I'm using snort-mysql and every now and then snort just isn't running
anymore. There is no entry in snort.log and I still have to run snort
under strace(1) and see if it'll tell me why it exits, but I've run
snort-mysql under valgrind and after 3 days it dumped core (it never
dumped core before):
Invalid read of size 4
at 0x80A9CE0: (within /usr/sbin/snort)
by 0x80AAD7E: (within /usr/sbin/snort)
by 0x8063C7D: (within /usr/sbin/snort)
by 0x805EBFD: (within /usr/sbin/snort)
by 0x805EDB2: (within /usr/sbin/snort)
by 0x42A0BA3: (within /usr/lib/libpcap.so.0.9.8)
by 0x42A0EF6: pcap_dispatch (in /usr/lib/libpcap.so.0.9.8)
by 0x805BCE8: (within /usr/sbin/snort)
by 0x805E158: (within /usr/sbin/snort)
by 0x805EA21: (within /usr/sbin/snort)
by 0x431C44F: (below main) (in /lib/i686/cmov/libc-2.7.so)
Address 0x8 is not stack'd, malloc'd or (recently) free'd
Process terminating with default action of signal 11 (SIGSEGV): dumping core
Access not within mapped region at address 0x8
at 0x80A9CE0: (within /usr/sbin/snort)
by 0x80AAD7E: (within /usr/sbin/snort)
by 0x8063C7D: (within /usr/sbin/snort)
by 0x805EBFD: (within /usr/sbin/snort)
by 0x805EDB2: (within /usr/sbin/snort)
by 0x42A0BA3: (within /usr/lib/libpcap.so.0.9.8)
by 0x42A0EF6: pcap_dispatch (in /usr/lib/libpcap.so.0.9.8)
by 0x805BCE8: (within /usr/sbin/snort)
by 0x805E158: (within /usr/sbin/snort)
by 0x805EA21: (within /usr/sbin/snort)
by 0x431C44F: (below main) (in /lib/i686/cmov/libc-2.7.so)
ERROR SUMMARY: 102652 errors from 49 contexts (suppressed: 0 from 0)
malloc/free: in use at exit: 168,233,182 bytes in 526,689 blocks.
malloc/free: 5,227,901 allocs, 4,701,212 frees, 275,777,042 bytes allocated.
For counts of detected errors, rerun with: -v
searching for pointers to 526,689 not-freed blocks.
checked 174,012,052 bytes.
--------------
More details: http://nerdbynature.de/bits/snort
Can somebody make any sense of the log entries above? I still have the
coredump (222MB, 16MB in bz2), I could upload it too if needed.
Thanks,
Christian.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-rc5
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages snort-mysql depends on:
ii adduser 3.105 add and remove users and groups
ii debconf [debconf-2.0] 1.5.17 Debian configuration management sy
ii libc6 2.7-4 GNU C Library: Shared libraries
ii libmysqlclient15off 5.0.45-3 MySQL database client library
ii libpcap0.8 0.9.8-2 System interface for user-level pa
ii libpcre3 7.3-2 Perl 5 Compatible Regular Expressi
ii logrotate 3.7.1-3 Log rotation utility
ii snort-common 2.7.0-6 Flexible Network Intrusion Detecti
ii snort-common-libraries 2.7.0-6 Flexible Network Intrusion Detecti
ii snort-rules-default 2.7.0-6 Flexible Network Intrusion Detecti
ii syslog-ng [system-log-d 2.0.5-3 Next generation logging daemon
ii zlib1g 1:1.2.3.3.dfsg-7 compression library - runtime
snort-mysql recommends no packages.
-- debconf information:
* snort-mysql/db_database: snort
* snort-mysql/options:
snort-mysql/stats_treshold: 1
* snort-mysql/interface: eth2
* snort-mysql/db_host: 127.0.0.1
* snort-mysql/address_range: 192.168.10.0/24
* snort-mysql/reverse_order: false
snort-mysql/please_restart_manually:
snort-mysql/config_error:
* snort-mysql/configure_db: true
* snort-mysql/startup: boot
* snort-mysql/send_stats: false
* snort-mysql/needs_db_config:
snort-mysql/stats_rcpt: root
* snort-mysql/db_user: snort
* snort-mysql/disable_promiscuous: false
snort-mysql/config_parameters:
--- End Message ---
--- Begin Message ---
Source: snort
Source-Version: 2.7.0-25
We believe that the bug you reported is fixed in the latest version of
snort, which is due to be installed in the Debian FTP archive:
snort-common-libraries_2.7.0-25_i386.deb
to pool/main/s/snort/snort-common-libraries_2.7.0-25_i386.deb
snort-common_2.7.0-25_all.deb
to pool/main/s/snort/snort-common_2.7.0-25_all.deb
snort-doc_2.7.0-25_all.deb
to pool/main/s/snort/snort-doc_2.7.0-25_all.deb
snort-mysql_2.7.0-25_i386.deb
to pool/main/s/snort/snort-mysql_2.7.0-25_i386.deb
snort-pgsql_2.7.0-25_i386.deb
to pool/main/s/snort/snort-pgsql_2.7.0-25_i386.deb
snort-rules-default_2.7.0-25_all.deb
to pool/main/s/snort/snort-rules-default_2.7.0-25_all.deb
snort_2.7.0-25.diff.gz
to pool/main/s/snort/snort_2.7.0-25.diff.gz
snort_2.7.0-25.dsc
to pool/main/s/snort/snort_2.7.0-25.dsc
snort_2.7.0-25_i386.deb
to pool/main/s/snort/snort_2.7.0-25_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[email protected]> (supplier of updated snort package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 03 May 2009 23:40:26 +0200
Source: snort
Binary: snort snort-common snort-doc snort-mysql snort-pgsql
snort-rules-default snort-common-libraries
Architecture: source i386 all
Version: 2.7.0-25
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <[email protected]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[email protected]>
Description:
snort - flexible Network Intrusion Detection System
snort-common - flexible Network Intrusion Detection System [common files]
snort-common-libraries - flexible Network Intrusion Detection System ruleset
snort-doc - Documentation for the Snort IDS [documentation]
snort-mysql - flexible Network Intrusion Detection System [MySQL]
snort-pgsql - flexible Network Intrusion Detection System [PostgreSQL]
snort-rules-default - flexible Network Intrusion Detection System ruleset
Closes: 449568 502084 510704
Changes:
snort (2.7.0-25) unstable; urgency=low
.
* Use src/output-plugins/spo_database.c from the 2.8.4.1 release. This
  version includes the necessary code to configure the mysql connection so
  that it reconnects to the database in case the connection gets lost. This
  might happen if too few events are logged in Snort and the database
  connection times out. (Closes: #449568)
* Copy over src/ipv6_port.h from 2.8.4.1 and include it in
  src/output-plugins/spo_database.c
* Update Japanese translation for the templates, thanks to Hideki Yamane
  (Closes: 510704)
* Move the code that detects if interfaces are down over to snort-pgsql and
  snort-mysql. This way, if the interface defined is not available it will
  prompt again, raising the debconf priority (Closes: #502084)
* Change all the config_parameters debconf input from 'medium' to 'error'
* Change all the needs_db_config debconf questions from 'medium' to 'high'
  since users that do not see this note will end up with a non-functioning
  package.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ/iCnsandgtyBSwkRAjGTAKCAyMV+YfpENanDGZnfbQiEVNr9gwCfRoq1
CFyy+X77Ga84IneUXXQ3Q7o=
=iEJi
-----END PGP SIGNATURE-----
--- End Message ---