Snort mailing list archives
Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss)
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Fri, 10 Aug 2001 12:51:25 +1200
On Thu, Aug 09, 2001 at 04:54:45PM -0400, Martin Roesch wrote:
Could you try using the http_decode preprocessor instead of unidecode, that may be causing your problem (and they have approximately the same functionality at this point). Try it with that and let me know how it goes.
OK.
Oh, and put frag2 before everything else, you're preprocessors are going to be run "out of order" otherwise (IOW, you probably want to do IP defragmentation before the others...)
Whoa! That's news to me. I sort of expected the conf to be read from start to finish and then acted on. Is that documented anywhere? I understand the rules are order dependant - but never thought things like preprocessors would be. Now I know, I'll pay more attention to where I write things :-) Thanks for the heads-up. -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Linux and packet loss Matthew Collins (Aug 01)
- Re: Linux and packet loss Chris Green (Aug 01)
- Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss) Jason Haar (Aug 01)
- Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss) Dragos Ruiu (Aug 01)
- Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss) Jason Haar (Aug 01)
- Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss) Steve Williams (Aug 01)
- Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss Jason Haar (Aug 02)
- Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss Andreas Östling (Aug 02)
- Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss) Jason Haar (Aug 01)
- Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss) Daniel Harrison (Aug 02)
- Re: Linux and packet loss Chris Green (Aug 01)
- Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss) Martin Roesch (Aug 09)
- Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss) Jason Haar (Aug 09)
- Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss) Martin Roesch (Aug 09)
- Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss) Martin Roesch (Aug 09)
- <Possible follow-ups>
- Re: Linux and packet loss Matthew Collins (Aug 02)
- Re: Linux and packet loss Jason Haar (Aug 02)
- Re: Linux and packet loss Martin Roesch (Aug 02)
- Re: Linux and packet loss Jason Haar (Aug 02)
- Re: Linux and packet loss Phil Wood (Aug 02)
- ACID and MySQL questions Jason Lewis (Aug 02)
- Re: ACID and MySQL questions meling (Aug 03)
- Re: Linux and packet loss Jason Haar (Aug 02)