[Snort-devel] No stats, take two

Martin Olsson elof at ...969...
Fri May 16 01:33:06 EDT 2003


On Fri, 16 May 2003, Martin Olsson wrote:
> Found the bug!
> When you include "config daemon" in your snort.conf, this information
> disappears:
> * the number of rules and chains
> * the rule application order
> * all the statistics when snort exits
> It is just these three things that are missing (as far as I can tell). I can
> still see the frag2, stream4, stream4_reassemble, http-, rpc-, and
> telnet_decode.

Additional info:

The position of the "config daemon" directive within the
snort.conf file gives different results. If placed before the
preprocessors and output plugins, you won't get any
information from frag2, stream4, stream4_reassemble or from
the database output plugin.
You will, however, get info from http_decode, rpc_decode,
telnet_decode, conversation and portscan2. This is logged to
syslog, not stdout.

If "config daemon" is located _after_ the preprocessors and
output plugins, you get all the configuration on stdout. Now
you see everything (frag2, stream4, stream4_reassembly ...
portscan2, database).
However, if you now run snort with the -D switch, the info from
frag2, stream4, stream4_reassemble and database is again
gone.

Martin Olsson
Sentor AB, Sweden
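
An added example (not part of the original post and not Snort code): a small Python check that reports where `config daemon` sits in a snort.conf relative to the `preprocessor` and `output` lines, since the post reports that this ordering changes which startup information is shown. The sample config and the names `logical_lines` and `daemon_position_report` are constructed for illustration.

```python
import re

# Constructed sample snort.conf for illustration; not taken from the post.
SAMPLE_CONF = """\
var HOME_NET any
preprocessor frag2
config daemon   # daemon mode requested mid-file
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor http_decode: 80 \\
    unicode
output database: log, mysql, dbname=snort
"""

def logical_lines(text):
    """Yield (first_line_no, text) with comments stripped and backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = no if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, (buf + line).strip()
        buf, start = "", None

def daemon_position_report(text):
    """Return (daemon_line, before, after): plugins declared before/after 'config daemon'."""
    daemon_line, plugins = None, []
    for no, line in logical_lines(text):
        if re.match(r"config\s+daemon\b", line):
            daemon_line = daemon_line or no
            continue
        m = re.match(r"(?:preprocessor|output)\s+([\w-]+)", line)
        if m:
            plugins.append((no, m.group(1)))
    if daemon_line is None:
        return None, [name for _, name in plugins], []
    before = [name for no, name in plugins if no < daemon_line]
    after = [name for no, name in plugins if no > daemon_line]
    return daemon_line, before, after

if __name__ == "__main__":
    line_no, before, after = daemon_position_report(SAMPLE_CONF)
    print(f"config daemon at line {line_no}")
    # Per the report above, startup info for plugins declared after the
    # directive may be missing from stdout; check syslog as well.
    print("declared before:", before)
    print("declared after: ", after)
```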




