Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Garbage in snort logs

From: Phil Wood <cpw () lanl gov>
Date: Tue, 8 Jan 2002 11:20:14 -0700
On Tue, Jan 08, 2002 at 08:57:57AM +1300, russell wrote:

Hi Phil,
      Thanks for your response to my snort query...


Please send me your config file which should have something like this
for preprocessors:


Here are all the preprocessor directives from the config file:

preprocessor frag2
preprocessor stream4: noalerts
preprocessor frag2

               ^     could be a problem since you already set it above

preprocessor http_decode: 80 
preprocessor rpc_decode: 111 
preprocessor telnet_decode

And the snort version info:

rful011@debian:~$ snort -V 

-*> Snort! <*-
Version 1.8.3 (Build 88)
By Martin Roesch (roesch () sourcefire com, www.snort.org)


  good version.



Cheers and thanks, Russell.



  Well aside from the multiple frag2's I'd say the config should work just
fine.  I was seeing things like you mentioned when using a version less then
1.8.3 build 88.


-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: