[Snort-devel] spp_portscan logging patch

Erich Meier Erich.Meier at ...2...
Tue Dec 5 14:10:46 EST 2000


On Tue, Dec 05, 2000 at 11:07:50AM -0800, James Hoagland wrote:
> At 12:25 PM +0100 12/5/00, Erich Meier wrote:
> >Hi!
> >
> >Here is a patch to spp_portscan.c to correct the alert and log functions.
> >Without the patch, the subsystem logs the current packet which is largely
> >misleading.
> 
> Oh wow!  When did the packet start getting sent with the portscan 
> messages?  That the packet is getting logged causes SnortSnarf to 
> complain about the other extra lines, since it is only expecting the 
> short form produced with NULL as the first argument.  The patch 
> should fix that.

That was nothing serious. Just a little oversight when migrating from
	(*AlertFunc)(NULL, logMessage);
to
	CallAlertFuncs(NULL, logMessage, NULL);
alerting style.

Erich



More information about the Snort-devel mailing list