Snort mailing list archives
Re: preprocessor stream5_global prune_log_max 0
From: elof () sentor se
Date: Wed, 27 May 2015 16:48:40 +0200 (CEST)
Hi! Did you check? Are the changes checked in? Roughly when is the next major release? /Elof On Fri, 27 Mar 2015, Victor Roemer wrote:
Elof, I'm aware of changes to Snort which we've added new "config:" options to make Stream5 less noisy. I'll have to check but they should be in the next major release. ~Victor On 03/27/15 9:20, elof () sentor se wrote:Will this bug ever be fixed? See my initial report from 2 years ago, http://seclists.org/snort/2013/q1/952 and the proposed solution by Gregory in http://seclists.org/snort/2013/q1/967I tried to mute the flood of prune-messages by setting prune_log_max to 1073741824, but it still spam my syslog. :( Perhaps you should review the logging mechanism? I think setting prune_log_max to either 0 or the maximum value should disable the logging completely. I then tried an even higher value, to make it shut up, but then I get: snort[64286]: FATAL ERROR: snort.conf(178) => Invalid Prune Log Max. Must be 0 (disabled) or between 1024 and 1073741824 So I revert back to filtering the spam in my syslog-conf instead. :-/ /Elof ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: preprocessor stream5_global prune_log_max 0 elof (May 27)
- Re: preprocessor stream5_global prune_log_max 0 Victor Roemer (May 27)
- Re: preprocessor stream5_global prune_log_max 0 elof (May 28)
- Re: preprocessor stream5_global prune_log_max 0 Victor Roemer (May 27)