Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: tag rules and logging

From: Michael Anderson <mca () arlut utexas edu>
Date: Wed, 23 Jan 2002 08:51:31 -0600
I put in a quick workaround by including a default message when CallLogFuncs is
called to log a tagged packet.   The mods were made to the 1.8.3 version of
rules.c lines 3686 and 3709.
CallLogFuncs(p, "Tag", NULL, &event);

-Mike

Chris Green wrote:


roman () danyliw com writes:


The tag rule option will log correctly to the database.  However,
there is currently a bug in snort which causes these extra packets to
be logged with a NULL signature.


Its of an issue with how sp_database handles log events.

There is no "msg" associated with a log event and a tag allows log
entries to be dynamically created.
--
Chris Green <cmg () uab edu>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: