Snort mailing list archives
Re: snort core dumping SOLUTION
From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 26 Oct 2001 18:19:08 -0400
This is actually a Snort parser problem too, you managed to fake out the validator. I've written code that will catch this condition and checked it into CVS. -Marty Leonardo Rodrigues wrote:
Wow ..... sorry ..... seems its not a snort problem, its mine problem :) snort.conf rules were wrong, they were: log tcp any any -> any 80 (MSG"HTTP";logto:"http.log";) log tcp any 80 -> any any (MSG"HTTP";logto:"http.log";) You could notice its missing the ':' right after MSG .... included that and snort loads fine !! Thanks for all answers ... Suggestion for developers .... shouldnt snort parse rules and simply ignore errors, without core dumping ???? Sincerily, Leonardo Rodrigues _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch - President, Sourcefire Inc. - (410)552-6999 roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort core dumping Leonardo Rodrigues (Oct 26)
- <Possible follow-ups>
- Fw: snort core dumping Leonardo Rodrigues (Oct 26)
- Re: snort core dumping SOLUTION Leonardo Rodrigues (Oct 26)
- Re: snort core dumping SOLUTION Erek Adams (Oct 26)
- Re: snort core dumping SOLUTION Martin Roesch (Oct 27)
- Re: snort core dumping SOLUTION Leonardo Rodrigues (Oct 26)