Snort mailing list archives
Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase)
From: Martijn van Oosterhout <kleptog () gmail com>
Date: Fri, 13 Jun 2014 10:22:51 +0200
On 12 June 2014 11:31, Martijn van Oosterhout <kleptog () gmail com> wrote:
> On 11 June 2014 19:17, Joel Esler (jesler) <jesler () cisco com> wrote:
>> On Jun 11, 2014, at 12:01 PM, Martijn van Oosterhout <kleptog () gmail com> wrote:
>>> Snort version: 2.9.6.0, but appears to affect older versions as well
>>
>> I have to ask... Did you replicate it with the current shipping version? 2.9.6.1?
>
> Fails there too. Attached are two typescript outputs for two successive runs on 2.9.6.1, using a pristine tarball from the website built with ./configure --enable-debug. The only difference between the two runs is the comment symbol in the snort.conf.
>
> As to why Nicholas can't reproduce it, I don't know. I've included the md5sums of the config files to see if there are other possibilities. I also checked with strace that it was loading the correct config files.

Ok, I've tested on every version on the git repo https://github.com/jasonish/snort in an attempt to bisect it, but it's broken even in the oldest version there. So I've tested it on:

2.9.3.1
2.9.4
2.9.4.1
2.9.4.5
2.9.4.6
2.9.5
2.9.5.3
2.9.5.5
2.9.5.6
2.9.6.0
2.9.6.1

And it's reproducible on all of them. Anyone else having any luck?

Hope this helps,
--
Martijn van Oosterhout <kleptog () gmail com> http://svana.org/kleptog/

Current thread:
- ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Martijn van Oosterhout (Jun 11)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Joel Esler (jesler) (Jun 11)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Nicholas Mavis (nmavis) (Jun 11)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Martijn van Oosterhout (Jun 12)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Martijn van Oosterhout (Jun 13)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Martijn van Oosterhout (Jun 13)
- Re: ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase) Joel Esler (jesler) (Jun 11)