Snort mailing list archives

Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss)


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Fri, 10 Aug 2001 12:51:25 +1200

On Thu, Aug 09, 2001 at 04:54:45PM -0400, Martin Roesch wrote:
> Could you try using the http_decode preprocessor instead of unidecode,
> that may be causing your problem (and they have approximately the same
> functionality at this point).  Try it with that and let me know how it
> goes.

OK.


> Oh, and put frag2 before everything else, your preprocessors are going
> to be run "out of order" otherwise (IOW, you probably want to do IP
> defragmentation before the others...)


Whoa! That's news to me. I sort of expected the conf to be read from start
to finish and then acted on. Is that documented anywhere? I understand the
rules are order dependent - but never thought things like preprocessors
would be.

Now I know, I'll pay more attention to where I write things :-)

Thanks for the heads-up.

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
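
The ordering point raised in this exchange, as an added example that is not part of the original message or of Snort itself: a small Python check that reads a snort.conf and reports any `preprocessor` directive listed ahead of frag2. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample config for illustration, not taken from the thread.
SAMPLE_CONF = """\
# constructed snort.conf fragment
var HOME_NET any
preprocessor http_decode: 80 8080
preprocessor frag2
preprocessor stream4
"""

PREPROC_RE = re.compile(r"^\s*preprocessor\s+([A-Za-z0-9_]+)")


def preprocessor_order(conf_text):
    """Return (line_number, name) for each active preprocessor, in file order."""
    found = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        line = line.split("#", 1)[0]  # ignore comments and commented-out directives
        match = PREPROC_RE.match(line)
        if match:
            found.append((lineno, match.group(1).lower()))
    return found


def check_frag2_first(conf_text):
    """Return one warning per preprocessor that is listed before frag2."""
    order = preprocessor_order(conf_text)
    frag_line = next((ln for ln, name in order if name == "frag2"), None)
    if frag_line is None:
        return []  # frag2 not configured, so there is no ordering to check
    return [
        f"line {ln}: {name} is listed before frag2 (line {frag_line})"
        for ln, name in order
        if ln < frag_line
    ]


if __name__ == "__main__":
    for warning in check_frag2_first(SAMPLE_CONF):
        print(warning)
```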
