[Snort-devel] spp_portscan logging patch

Martin Roesch roesch at ...48...
Thu Dec 7 13:03:27 EST 2000


Sorry guys, I put the packet pointer in there for my own nefarious purposes
here at home and forgot to take it back out when updating CVS. :)  Oopsy...

    -Marty

James Hoagland wrote:
> 
> At 12:25 PM +0100 12/5/00, Erich Meier wrote:
> >Hi!
> >
> >Here is a patch to spp_portscan.c to correct the alert and log functions.
> >Without the patch, the subsystem logs the current packet which is largely
> >misleading.
> 
> Oh wow!  When did the packet start getting sent with the portscan
> messages?  That the packet is getting logged causes SnortSnarf to
> complain about the other extra lines, since it is only expecting the
> short form produced with NULL as the first argument.  The patch
> should fix that.
> 
> -- Jim
> 
> >
> >-----
> >Index: spp_portscan.c
> >===================================================================
> >RCS file: /cvsroot/snort/snort/spp_portscan.c,v
> >retrieving revision 1.18
> >diff -r1.18 spp_portscan.c
> >933,934c933,934
> ><   CallAlertFuncs(p, logMessage, NULL);
> ><   CallLogFuncs(p, logMessage, NULL);
> >---
> >>    CallAlertFuncs(NULL, logMessage, NULL);
> >>    CallLogFuncs(NULL, logMessage, NULL);
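
Review bot: The replacement calls at 933-934 pass a bare NULL as the first argument with no comment saying why the packet is deliberately left out. A one-line comment above the pair, noting that the portscan message is not tied to the current packet p and so p must not be handed to the alert and log functions, would make it harder for p to slip back in during a later update.
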
> >958,959c958,959
> ><    CallAlertFuncs(p, logMessage, NULL);
> ><    CallLogFuncs(p, logMessage, NULL);
> >---
> >>     CallAlertFuncs(NULL, logMessage, NULL);
> >>     CallLogFuncs(NULL, logMessage, NULL);
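
Review bot: At 958-959 the same CallAlertFuncs/CallLogFuncs pair as at 933-934 is repeated with identical arguments, so the fix has to be made, and kept in sync, in two places. Consider moving the pair into one small static helper that takes logMessage, so the NULL-packet convention lives in a single spot. The replacement lines are also indented one column deeper than the lines they replace; keeping the original indentation would leave the diff carrying only the argument change.
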
> >-----
> >
> >Erich
> >_______________________________________________
> >Snort-devel mailing list
> >Snort-devel at lists.sourceforge.net
> >http://lists.sourceforge.net/mailman/listinfo/snort-devel
> 
> --
> |*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
> |*               hoagland at ...60...                *|
> |*              http://www.silicondefense.com/              *|
> |*  Voice: (707) 445-4355 x13          Fax: (707) 445-4222  *|

-- 
Martin Roesch
roesch at ...48...
http://www.snort.org


