Snort mailing list archives

Re: Snort 2.0 rc1 Observations


From: Chris Green <cmg () sourcefire com>
Date: Mon, 31 Mar 2003 09:09:15 -0500

"Kenneth G. Arnold" <bkarnold () cbu edu> writes:

3.  Once I did get Snort to start, I noticed that a lot of the rules that
had pass rules for specific circumstances were starting to fire where they
did not in version 1.9.1. The database started to fill up very fast with
all of these situations where the pass rule should have prevented the
alert.  When I eventually stopped Snort, only 11 passes were recorded
where there should have been hundreds if not thousands.  The startup
script I used was the same startup script that I had used for version
1.9.1.

The other 2 issues are known and fixed.

Please create an example configuration of what's going on with a
snort.conf, command line, a pass rule, an alert rule and preferably a
packet capture.
-- 
Chris Green <cmg () sourcefire com>
To err is human, to moo bovine.

