Snort mailing list archives
Frag Preprocessor Preventing Log Parsing
From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 29 Apr 2003 15:59:33 -0400
Snort 2.0.0. Upgrade If I enable the frag preprocessor and then attempt to read the binary log as follows: snort -d -l ./temp -r snort.log.blah -c /usr/local/snort/snort.conf I get the following error after Snort prints its header: pcap_loop: bogus savefile header Snort processed 0 packets Sometimes it processes a few packets and then exits. As I'm in the process of upgrading and testing sigs and preprocessors, I'm not sure if its a bug or something stupid on my part. -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Frag Preprocessor Preventing Log Parsing Gary Flynn (Apr 29)