I'm having a problem with rsyslogd seg faulting. The daemon (1.12.0) is
running on RHEL 4 and the clients are FreeBSD 4.x & 5.x. It doesn't
seem to catch the name from the clients leading to a seg fault. Ideas,
workarounds? Any help would be greatly appreciated!
-Dusty
# /usr/sbin/rsyslogd -d -r 0 -n
......
-1208042912: Message from UDP inetd socket: #12, host: xxx.xxx.xxx.xxx
-1208042912: Message length: 46, File descriptor: 12.
-1208042912: logmsg: daemon.notice<29>, flags 2, from (null), msg Oct 27 16:15:38 snort: GLOBAL CONFIG
Segmentation fault
server messages file contains:
----------
Oct 27 16:15:39 snort: ,-----------[Flow Config]----------------------
Oct 27 16:15:39 snort: | Stats Interval: 0
Oct 27 16:15:39 snort: | Hash Method: 2
Oct 27 16:15:39 snort: | Memcap: 10485760
Oct 27 16:15:39 snort: | Rows : 4099
Oct 27 16:15:39 snort: | Overhead Bytes: 32800(%0.31)
Oct 27 16:15:39 snort: `----------------------------------------------
Oct 27 16:15:39 snort: HttpInspect Config:
client messages file contains:
---------
Oct 27 10:00:03 fred snort: ,-----------[Flow Config]----------------------
Oct 27 10:00:03 fred snort: | Stats Interval: 0
Oct 27 10:00:03 fred snort: | Hash Method: 2
Oct 27 10:00:03 fred snort: | Memcap: 10485760
Oct 27 10:00:03 fred snort: | Rows : 4099
Oct 27 10:00:03 fred snort: | Overhead Bytes: 32800(%0.31)
Oct 27 10:00:03 fred snort: `----------------------------------------------
Oct 27 10:00:03 fred snort: HttpInspect Config:
Oct 27 10:00:03 fred snort: GLOBAL CONFIG
Oct 27 10:00:03 fred snort: Max Pipeline Requests: 0
Oct 27 10:00:03 fred snort: Inspection Type: STATELESS
Oct 27 10:00:03 fred snort: Detect Proxy Usage: NO
Oct 27 10:00:03 fred snort: IIS Unicode Map Filename: /etc/nsm/unicode.map
Oct 27 10:00:03 fred snort: IIS Unicode Map Codepage: 1252
Oct 27 10:00:03 fred snort: DEFAULT SERVER CONFIG: