Snort mailing list archives
Re: Hogger 0.1.3 released
From: "Crook, Parker" <Parker_Crook () reyrey com>
Date: Mon, 22 Mar 2010 11:15:17 -0400
Andy,

The first few lines of the attribute file should look more like the following:

    <SNORT_ATTRIBUTES>
    <ATTRIBUTE_TABLE>
    <HOST>
    <IP>AAA.BBB.CCC.DDD</IP>
    <OPERATING_SYSTEM>
    <NAME>
    <ATTRIBUTE_VALUE>IOS</ATTRIBUTE_VALUE>

The formatting you have is definitely the old XML style output... I just double checked and the code in the tarball should yield the formatting above as well as the dev code under the svn trunk (0.1.4 DEV). Can you download either of these and try again? This should fix the issue.

-Parker

PS. When did you download the code? I'm a little curious what happened to cause this.

_____
From: Andy Berryman [mailto:aberryman () Cymtec com]
Sent: Monday, March 22, 2010 10:58 AM
To: Crook, Parker
Cc: snort-users () lists sourceforge net
Subject: RE: Re: [Snort-users] Hogger 0.1.3 released

Parker,

Here is the first 5 lines. I did a google search and saw on the snort forums someone got the same error, but theirs was b/c the XML file had the version number and other info at the top. I have none of that.

    <SNORT_ATTRIBUTES>
    <ATTRIBUTE_TABLE>
    <HOST IP="10.27.1.4">
    <OPERATING_SYSTEM>
    <NAME ATTRIBUTE_VALUE="Windows" CONFIDENCE="90"></NAME>

Thanks,
Andy

From: Crook, Parker [mailto:Parker_Crook () reyrey com]
Sent: Monday, March 22, 2010 9:52 AM
To: Andy Berryman
Cc: snort-users () lists sourceforge net
Subject: RE: Re: [Snort-users] Hogger 0.1.3 released

Andy,

This bug was the reason for the changes made in 0.1.3, where the XML output was in the incorrect format. I just downloaded the current tarball and ran on my nmap files and diffed them with my working attribute table that Snort is currently using on and came up with no differences. Is it possible for you to send me the first 5 lines (obfuscated of course)?

Thanks,
Parker

_____
From: Andy Berryman [mailto:aberryman () Cymtec com]
Sent: Monday, March 22, 2010 10:31 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Hogger 0.1.3 released

I'm trying to use hogger and I've got the host_attrib_table.xml file created. But when I add the line to my snort.conf I get an error.

Line I'm adding:

    attribute_table filename /etc/snort/host_attrib_table.xml

Error I get:

    "Invalid Attribute Table specification: '/etc/snort/host_attrib_table.xml' Please verify the grammar at or near line2 (tag '<')."
    "failed to load attribute table from /etc/snort/host_attrib_table.xml"

Any tips? I compiled snort this morning and I had the --enable-targetbased in the ./configure line

I'm running snort 2.8.5.3 and the conf file that comes with the download.

Thanks,
Andy Berryman

_____
This message from Cymtec Systems, Inc. contains confidential information and is solely for the use of the recipient(s) named above. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this message in error and that any review, disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error, please destroy it immediately and notify Cymtec Systems, Inc. by telephone at +1.314.993.8700 or by return e-mail.
_____
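A pre-load check for the two layouts compared in this thread, given as an added example that is not part of the original messages or of Hogger: it lists, with line numbers, the tags that still carry XML attributes (the layout Parker calls the old output) and rewrites them as child elements. The function names are hypothetical, and mapping every XML attribute to a same-named child element (including CONFIDENCE, which the corrected snippet in the thread does not show) is an assumption inferred from the two quoted snippets.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample: the old attribute-style lines quoted in the thread,
# closed off so that the document is well-formed.
OLD_STYLE = """<SNORT_ATTRIBUTES>
<ATTRIBUTE_TABLE>
<HOST IP="10.27.1.4">
<OPERATING_SYSTEM>
<NAME ATTRIBUTE_VALUE="Windows" CONFIDENCE="90"></NAME>
</OPERATING_SYSTEM>
</HOST>
</ATTRIBUTE_TABLE>
</SNORT_ATTRIBUTES>"""


def find_attribute_style_tags(xml_text):
    """Return (line, tag, attribute names) for each element with XML attributes."""
    hits = []
    parser = expat.ParserCreate()

    def on_start(tag, attrs):
        if attrs:
            # CurrentLineNumber is the line on which this start tag begins.
            hits.append((parser.CurrentLineNumber, tag, sorted(attrs)))

    parser.StartElementHandler = on_start
    parser.Parse(xml_text, True)
    return hits


def to_element_style(xml_text):
    """Rewrite every XML attribute as a leading child element (assumed mapping)."""
    root = ET.fromstring(xml_text)
    for elem in list(root.iter()):          # snapshot: the tree is edited below
        for index, (name, value) in enumerate(list(elem.attrib.items())):
            child = ET.Element(name)
            child.text = value
            child.tail = "\n"
            elem.insert(index, child)       # keep the original attribute order
        elem.attrib.clear()
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for line, tag, names in find_attribute_style_tags(OLD_STYLE):
        print(f"line {line}: <{tag}> uses attributes {names}")
    print(to_element_style(OLD_STYLE))
```

An empty result from find_attribute_style_tags only shows that no tag carries attributes; it does not validate the file against everything Snort's attribute table loader checks.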