[Snort-devel] Logging not consistent with violated rule

Chris Green cmg at ...402...
Fri Sep 6 06:01:06 EDT 2002


Randy <leganza at ...1541...> writes:

> Sometimes - Snort Version 1.9.0beta6 (Build 201) packet logs do not
> match the rule it supposedly violates.  Note the below packets that
> should have had "?open" in uricontent, according to rule 1561, but
> instead were logged as a byte of 1s.  The same for one last packet for
> "WEB-IIS scripts access", rule 1287.
>
I need to go look at when beta6 was, but I fixed a bug similar to this
around the middle of August. Mind trying CVS head?
-- 
Chris Green <cmg at ...402...>
This is my signature. There are many like it but this one is mine.



