On Wed, Jan 26, 2005 at 04:30:09PM -0600, Dan Nelson wrote: > In the last episode (Jan 26), Paul Schmehl said: > > --On Wednesday, January 26, 2005 10:33:51 AM -0600 Dan Nelson > > <[EMAIL PROTECTED]> wrote: > > >In the last episode (Jan 26), Paul Schmehl said: > > >>I found this in the messages log when snort died: > > >> > > >>Jan 26 03:19:34 buttercup2 /kernel: pid 53186 (snort), uid 0: exited on > > >>signal 4 > > >> > > >>There was no core dump. Is there a way to figure out what the > > >>cause of the sigill was? > > > > > >An illegal instruction :) No way to find out any more without a > > >core file. > > > > Any way of knowing why sigill didn't produce a core file? (It does when > > make fails.) > > Snort might have disabled it, or it might have been disabled by a > startup script. Try adding "limit -c unlimited" to the snort startup > script. From the log message, it's running as root so it's not like it > couldn't write the corefile.
Tuning the relevant sysctls is also often useful, e.g. for putting the coredump in a mode 1777 directory in case the binary doesn't have write permission to its cwd. kern.sugid_coredump: 1 kern.coredump: 1 kern.corefile: %N.%U.core See core(5) Kris
pgpYjeZqvutEW.pgp
Description: PGP signature
