Snort mailing list archives
Re: Snort 2.3.0 Final released!
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 26 Jan 2005 10:45:59 -0600
On Wed, 2005-01-26 at 11:04 +0200, Nerijus Krukauskas wrote:
Well, fixes for these two (I'm just guessing) broke the way the comments are handled in threshold/suppress configs. I'm used to put a short comment after threshold/suppress command in threshold.conf. That way I know why I've put it there. E.g. suppress gen_id 1, sig_id 3003, track by_src, ip x.y.z.w # hostname (MBSA/AV scans) snort-2.3.0 now barfs on me because of the slash (/) in comment. If I change it to dash (-), then it parses the command without errors. Am I not supposed to put comments this way or is this a small bug?
Same thing happened to me. I send in a patch which apparently didn't make it into the release. It's attached to this email. With it, you can patch sfthreshold.c and continue using slashes in comments in threshold.conf. Note: Slashes elsewhere may still break things. This issue should be fixed centrally in the parser. My patch only addresses the parsing for threshold.conf. Regards, Frank
Attachment:
comment-patch
Description:
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Snort 2.3.0 Final released! Jeremy Hewlett (Jan 25)
- Re: Snort 2.3.0 Final released! Nerijus Krukauskas (Jan 26)
- Re: Snort 2.3.0 Final released! Frank Knobbe (Jan 26)
- Re: Snort 2.3.0 Final released! Nerijus Krukauskas (Jan 26)