Snort mailing list archives

Re: maximum length for msg?

From: Dirk Geschke <dirk () geschke-online de>
Date: Fri, 16 Sep 2005 09:47:45 +0200

Hi Alex,

There's no specific length maximum for the msg; as long as you keep your 
rule below 1,024 characters, you'll be fine.


are you sure about this? At least I remember this as part of decode.h:

#define        ALERTMSG_LENGTH 256

So I guess more than 255 characters in the messags won't make any
sense, or? So maybe snort can read more characters from the rule
but internally it only uses up to 255...

Best regards

Dirk


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

postscan Ron Jenkins (Sep 15)
- RE: postscan Paul Melson (Sep 15)
  - Re: postscan Jeff Kell (Sep 15)
    - Re: postscan Michael Sierchio (Sep 15)
    - RE: postscan Paul Melson (Sep 15)
- maximum length for msg? Peggy Kam (Sep 15)
  - Re: maximum length for msg? Alex Kirk (Sep 15)
    - Re: maximum length for msg? Dirk Geschke (Sep 16)
    - Re: maximum length for msg? Alex Kirk (Sep 16)
    - Re: maximum length for msg? Dirk Geschke (Sep 16)
    - Re: maximum length for msg? Alex Kirk (Sep 16)