Snort mailing list archives

Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram?


From: Michael Altizer <xiche () verizon net>
Date: Sun, 30 Jan 2011 15:30:57 -0500

On 01/30/2011 02:10 PM, Michael Scheidell wrote:

> so, I am still wondering if snort is using daq!

Snort will always be using LibDAQ, so don't worry about that. For example, in your case it is going Snort -> LibDAQ -> LibPCAP -> FreeBSD BPF.

There is, however, a legitimate (and a tad embarrassing) bug in the current PCAP DAQ module where it is not properly parsing the "buffer_size" DAQ variable. I'll be entering a bug on the Sourcefire side to fix this, thanks for uncovering it. If you want to fix it locally, you can use the attached patch and rebuild the PCAP DAQ module.

Attachment: pcap_buffer_size_fix.patch
