Snort mailing list archives

Re: IPv6 ASCII Logging Error in Windows


From: Glenn Geller <ggeller () gmail com>
Date: Tue, 18 Oct 2016 19:19:38 -0700

Hi Randy,

OK, good start then finding the culprit without too much headache.

Maybe someone can suggest a config option to override file/folder naming
conventions here?

I'd imagine at least one smart person out there has run upon this issue in
their testing... so there should be a suggestion forthcoming.

Good luck!

Thanks,

Glenn @ VDO

On Tue, Oct 18, 2016 at 7:16 PM, Randy Chow <randychow2000 () hotmail com>
wrote:

It is Windows and that is exactly it.  But, can the programmers not just
remove colons or replace with something else?  I think it is a huge flaw in
something that many snort users have been using for years.  I downgraded to
get rid of IPv6 support.  Thank you.

Randy Chow
IT Fired Up.Com
Cell: +1 (403) 606-2714
Email: randy () itfiredup com

On Oct 18, 2016, at 8:11 PM, Glenn Geller <ggeller () gmail com> wrote:

Hi Randy,

Are you running Snort on Windows, or Linux?

If Windows, it could be that the colon is not an allowable character for a
Windows folder.

Thus, you cannot create a folder called "2001:0db8:0000:0042:0000:8a2e:0370:7334"
for example, in Windows... since the colon is present.

Just a quick thought, before you get too far down the rabbit hole.

Thanks,

Glenn

On Tue, Oct 18, 2016 at 5:02 PM, Randy Chow <randychow2000 () hotmail com>
wrote:

Did the snort -v -d -c config file location -K ascii



Basically saying it cannot create a folder for IPv6 address.  Which
should be a very big thing I think.  Thank you.



*From:* Seshaiah Erugu (serugu) [mailto:serugu () cisco com]
*Sent:* Tuesday, October 18, 2016 6:44 AM
*To:* Charles Summers (chasumme); Russ Combs (rucombs); bugs () snort org;
randychow2000 () hotmail com; snort-users () lists sourceforge net
*Cc:* Manish Dev (mandev); Nageswara Rao A.V.K (navk)
*Subject:* RE: [Snort-users] IPv6 ASCII Logging Error in Windows



Hi Randy,



Could you please provide the command that you are using to run snort, and also
provide the backtrace for the crash.

If possible, please provide the pcap for this issue.





Thanks,

Seshaiah Erugu.



-------- Forwarded Message --------

*Subject:* [Snort-users] IPv6 ASCII Logging Error in Windows
*Date:* Thu, 13 Oct 2016 03:38:06 +0000
*From:* Randy Chow <randychow2000 () hotmail com>
*To:* snort-users () lists sourceforge net



Hello everyone, hopefully someone can help.  I have snort all configured and running until it hits an IPv6 packet
then fails to make directory and crashes out.  I use ascii to log as I just want it organized nicely by folders.
People are saying use -b, but that does not allow separate folders for each IP.  I can use an older version to
disable IPv6, but it is not suggested. Thank you.

------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most

engaging tech sites, SlashDot.org <http://slashdot.org>! http://sdm.link/slashdot

_______________________________________________

Snort-users mailing list

Snort-users () lists sourceforge net

Go to this URL to change user options or unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users



Please visit http://blog.snort.org to stay current on all the latest Snort news!
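
Added example, not part of the original thread and not Snort source code: one way a logger could derive a per-host folder name that Windows accepts, as the replies above suggest, by parsing the address and rewriting an IPv6 address as eight zero-padded groups joined by "-". The helper name addr_to_dirname() and the choice of "-" as separator are assumptions made for this illustration.

```c
/* Added illustration, not Snort source. addr_to_dirname() is a hypothetical
 * helper. POSIX headers are used here; on Windows, inet_pton() and
 * inet_ntop() are declared in <ws2tcpip.h>. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Write a directory-safe name for a textual IPv4/IPv6 address into out.
 * IPv6 becomes eight zero-padded groups joined by '-', so no ':' remains.
 * Returns 0 on success, -1 if the input is not an address or out is small. */
int addr_to_dirname(const char *addr, char *out, size_t outlen)
{
    unsigned char v6[16];
    struct in_addr v4;
    size_t pos = 0;

    if (addr == NULL || out == NULL)
        return -1;

    /* A dotted quad is already a legal Windows name; just normalise it. */
    if (inet_pton(AF_INET, addr, &v4) == 1)
        return inet_ntop(AF_INET, &v4, out, (socklen_t)outlen) ? 0 : -1;

    /* Anything that is not a valid address is refused, so separators
     * and ".." can never reach the filesystem call. */
    if (inet_pton(AF_INET6, addr, v6) != 1 || outlen < 40)
        return -1;

    for (int i = 0; i < 8; i++)
        pos += (size_t)snprintf(out + pos, outlen - pos, "%s%02x%02x",
                                i ? "-" : "", v6[2 * i], v6[2 * i + 1]);
    return 0;
}

int main(void)
{
    char name[40];
    /* Address quoted in the thread. */
    if (addr_to_dirname("2001:0db8:0000:0042:0000:8a2e:0370:7334",
                        name, sizeof name) == 0)
        puts(name);
    return 0;
}
```

The fixed-width form keeps one folder per address regardless of how the address was abbreviated on input, and the resulting names sort in address order.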

