Snort mailing list archives

Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase)


From: Martijn van Oosterhout <kleptog () gmail com>
Date: Thu, 12 Jun 2014 11:31:33 +0200

On 11 June 2014 19:17, Joel Esler (jesler) <jesler () cisco com> wrote:

 On Jun 11, 2014, at 12:01 PM, Martijn van Oosterhout <kleptog () gmail com> wrote:

Snort version: 2.9.6.0, but appears to affect older versions as well

 I have to ask…  Did you replicate it with the current shipping version?
 2.9.6.1?



Fails there too. Attached are two typescript outputs for two successive
runs on 2.9.6.1, using a pristine tarball from the website built with
./configure --enable-debug. The only difference between the two runs is the
comment symbol in the snort.conf. As to why Nicholas can't reproduce it, I
don't know. I've included the md5sums of the config files to see if there
are other possibilities.

I also checked with strace that it was loading the correct config files.

Anything else I can try?

Have a nice day,
-- 
Martijn van Oosterhout <kleptog () gmail com> http://svana.org/kleptog/

Attachment: typescript.fail
Description:

Attachment: typescript.ok
Description:

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
