[Snort-devel] Logging not consistent with violated rule
cmg at ...402...
Fri Sep 6 06:01:06 EDT 2002
Randy <leganza at ...1541...> writes:
> Sometimes - Snort Version 1.9.0beta6 (Build 201) packet logs do not
> match the rule it supposedly violates. Note the below packets that
> should have had "?open" in uricontent, according to rule 1561, but
> instead were logged as a byte of 1s. The same for one last packet for
> "WEB-IIS scripts access", rule 1287.
I need to go look at when beta6 was but I fixed a bug similar to this
around the middle of August. Mind trying CVS head?
Chris Green <cmg at ...402...>
This is my signature. There are many like it but this one is mine.
More information about the Snort-devel