Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Frag Preprocessor Preventing Log Parsing

From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 29 Apr 2003 15:59:33 -0400
Snort 2.0.0. Upgrade

If I enable the frag preprocessor and then attempt to read
the binary log as follows:

snort -d -l ./temp -r snort.log.blah -c /usr/local/snort/snort.conf

I get the following error after Snort prints
its header:

pcap_loop: bogus savefile header

Snort processed 0 packets

Sometimes it processes a few packets and then
exits.

As I'm in the process of upgrading and testing
sigs and preprocessors, I'm not sure if its
a bug or something stupid on my part.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: