Snort mailing list archives
Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase)
From: Martijn van Oosterhout <kleptog () gmail com>
Date: Thu, 12 Jun 2014 11:31:33 +0200
On 11 June 2014 19:17, Joel Esler (jesler) <jesler () cisco com> wrote:
On Jun 11, 2014, at 12:01 PM, Martijn van Oosterhout <kleptog () gmail com> wrote: Snort version: 2.9.6.0, but appears to affect older versions as well I have to askā¦ Did you replicate it with the current shipping version? 2.9.6.1?
Fails there too. Attached are two typescript outputs for two successive runs on 2.9.6.1, using a pristine tarball from the website built with ./configure --enable-debug. The only difference between the two runs is the comment symbol in the snort.conf. As to why Nicholas can't reproduce it, I don't know. I've included the md5sums of the config files to see if there are other possibilities. I also checked with strace that it was loading the correct config files. Anything else I can try? Have a nice day, -- Martijn van Oosterhout <kleptog () gmail com> http://svana.org/kleptog/
Attachment:
typescript.fail
Description:
Attachment:
typescript.ok
Description:
------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Martijn van Oosterhout (Jun 11)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Joel Esler (jesler) (Jun 11)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Nicholas Mavis (nmavis) (Jun 11)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Martijn van Oosterhout (Jun 12)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Martijn van Oosterhout (Jun 13)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Martijn van Oosterhout (Jun 13)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Joel Esler (jesler) (Jun 11)