Snort mailing list archives
Double logging :(
From: "Dorwin T. Shields, Jr." <dorwin () earthlink net>
Date: Tue, 12 Aug 2003 12:42:20 -0500
Hi,

I'm attempting to capture smtp sessions in snort. I capture to a binary file for efficiency then replay into snort using options -de -r <file> -c <config>. My config file has only a few rules (if memory serves):

  frag2
  stream4: timeout 60
  stream4_reassembly: client only
  log tcp any any -> any 25 (session: printable;)

I limit to port 25 during the capture. Every session file I get is twice as large as it should be. It looks like everything is doubled. Is it something I'm doing or is this broken? Also, I tried using version 1.9.1 and it did the same thing on both Linux and Windows.

Thanks,
Dorwin