Snort mailing list archives

Re: snort core dumping SOLUTION


From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 26 Oct 2001 18:19:08 -0400

This is actually a Snort parser problem too; you managed to fake out the
validator.  I've written code that will catch this condition and checked
it into CVS.

     -Marty

Leonardo Rodrigues wrote:

    Wow ..... sorry ..... seems it's not a snort problem, it's my
problem :)

    snort.conf rules were wrong, they were:

log tcp any any -> any 80 (MSG"HTTP";logto:"http.log";)
log tcp any 80 -> any any (MSG"HTTP";logto:"http.log";)

    You could notice it's missing the ':' right after MSG .... included
that and snort loads fine !!

    Thanks for all answers ...

    Suggestion for developers .... shouldn't snort parse rules and simply
ignore errors, without core dumping ????

    Sincerely,
    Leonardo Rodrigues

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch () sourcefire com - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org
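
The failure discussed in this thread, a rule option written without the ':' between keyword and argument, can be caught before Snort ever loads the file. The following pre-load check is an added example, not Snort's own parser and not the fix that was checked into CVS; the function names and the short list of no-argument keywords are assumptions made for illustration.

```python
import re

# Keywords that legitimately take no argument (partial list, an assumption;
# extend it for the Snort version you run).
NO_ARG_KEYWORDS = {"nocase"}
KEYWORD_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

def split_options(body):
    """Split an option body on ';', ignoring ';' inside double quotes."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    opts.append("".join(cur).strip())
    return [o for o in opts if o], in_quote

def lint_rule(rule):
    """Return a list of problems found in one rule line (empty list = OK)."""
    start, end = rule.find("("), rule.rfind(")")
    if start == -1 or end < start:
        return ["no parenthesised option list"]
    opts, unterminated = split_options(rule[start + 1:end])
    problems = ["unterminated double quote"] if unterminated else []
    for opt in opts:
        keyword, sep, arg = opt.partition(":")
        keyword = keyword.strip()
        if not KEYWORD_RE.match(keyword):
            problems.append(f"malformed option {opt!r}: expected keyword:argument")
        elif not sep and keyword.lower() not in NO_ARG_KEYWORDS:
            problems.append(f"option {keyword!r} is missing ':' and an argument")
        elif sep and not arg.strip():
            problems.append(f"option {keyword!r} has an empty argument")
    return problems

# First rule from the thread as posted, and with the ':' restored after MSG.
BROKEN = 'log tcp any any -> any 80 (MSG"HTTP";logto:"http.log";)'
FIXED = 'log tcp any any -> any 80 (MSG:"HTTP";logto:"http.log";)'

if __name__ == "__main__":
    for rule in (BROKEN, FIXED):
        print(rule, "->", lint_rule(rule) or "OK")
```

Running a check like this over a rules file in a deployment script gives a readable error for the offending option instead of relying on the IDS process to survive the bad input.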


