Snort mailing list archives

Re: maximum length for msg?

From: Dirk Geschke <Dirk_Geschke () genua de>
Date: Fri, 16 Sep 2005 15:23:14 +0200

Hi Alex,

You are correct about that line being present in decode.h. However, that 
#define doesn't seem to have any effect on Snort's ability to deal with 
longer msg strings. For example, I tested 2.3.3 and 2.4 with a fake rule 
designed to maximize the length of that string:


yes, but you did not check all output-plugins:

output-plugins/spo_alert_unixsock.c, line 197:              

 strlen(msg)>ALERTMSG_LENGTH-1 ? ALERTMSG_LENGTH - 1 : strlen(msg));

Ok, I think no one really wants to use a message larger than 255 
bytes...

Best regards

Dirk



-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

postscan Ron Jenkins (Sep 15)
- RE: postscan Paul Melson (Sep 15)
  - Re: postscan Jeff Kell (Sep 15)
    - Re: postscan Michael Sierchio (Sep 15)
    - RE: postscan Paul Melson (Sep 15)
- maximum length for msg? Peggy Kam (Sep 15)
  - Re: maximum length for msg? Alex Kirk (Sep 15)
    - Re: maximum length for msg? Dirk Geschke (Sep 16)
    - Re: maximum length for msg? Alex Kirk (Sep 16)
    - Re: maximum length for msg? Dirk Geschke (Sep 16)
    - Re: maximum length for msg? Alex Kirk (Sep 16)