Snort mailing list archives
Re: Weird double logging problem
From: Peter Bates <peter.bates () ucl ac uk>
Date: Wed, 19 Oct 2011 13:51:22 +0100
Hello all

On 19/10/2011 13:42, Jason Wallace wrote:
> There is a small difference in the time of those 2 alerts. I would take a tcpdump of your test to make sure you really are not sending 2 requests. Especially since the file is not actually there.
I should have mentioned that I thought I had excluded that possibility. I'm running tcpdump on the 'wget' client machine and I can only see one request. I'm doing something similar on a different network and different machine with 2.9.1.1 and not seeing the same result - the only difference is the amount of traffic load.

-- 
Peter Bates
Senior Computer Security Officer
Phone: +44(0)2076792049
Information Services Division
Internal Ext: 32049
University College London
London WC1E 6BT