Snort mailing list archives

log display problem?


From: "Cedric Raguenaud" <c.raguenaud () dcs napier ac uk>
Date: Thu, 20 Dec 2001 13:41:20 -0000


Hello,

I hope this is not a dummy question, and I didn't spot it in the list 
archive.

I noticed something recently in my snort logs: some of the packets 
that are recorded are not displayed when I list them with options 
vdr. These packets are HTTP packets that contain the IIS .ida 
exploit. I know that they are logged because I see them in the 
content of the binary log file and in the snort.alert file, but when I 
display the binary log file through snort, they are not displayed and 
they are listed as "other" protocol.

Here is how I log:
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_full: /var/log/snort.alert
output log_tcpdump: snort.log

Is there a known issue here or am I doing something wrong?

Any help would be appreciated.


