Hi, I have updated the snort rules recently through activeworx and after pushing them to my sensors snort will not start. On manually trying to start snort, I get the error below. Do you have some guidelines on troubleshooting segmentation faults?



/etc/init.d/snort start Starting Intrusion Database System: SNORT
/etc/init.d/snort: line 46: 3230 Segmentation fault $SNORT_PATH/snort -c $CONFIG -i $IFACE -g $SNORT_GID $OPTIONS


Thanks

Its actually in the /etc/init.d/snort file and this is where it appears to fail:

case "$1" in
     start)
        echo "Starting Intrusion Database System: SNORT"
        $SNORT_PATH/snort -c $CONFIG -i $IFACE -g $SNORT_GID $OPTIONS
        if [ "`pidof $SNORT_PATH/snort`" ]; then
                echo "SNORT is up and running!"
        else
                exit 0

The problem appears to be related to last time I pushed out the rules and update made changes to some regular rules files, emerging threats rules and to a couple of the configuration files.  If I set to rule path to an old directory with older rules and configuration files it works fine.   I have posted this as well at snort.org forums but posted it here as well in case anyone else had seen similar issues after updating via policy manager.

Thanks, I was eventually able to track down the rule that was causing the problem.  Once I disabled it, snort was back up and running.