[Snort-devel] ruletype declaration breaks u2 output for log_uri/log_hostname (with testcase)

Martijn van Oosterhout kleptog at ...2499...
Fri Jun 13 04:22:51 EDT 2014

On 12 June 2014 11:31, Martijn van Oosterhout <kleptog at ...2499...> wrote:

> On 11 June 2014 19:17, Joel Esler (jesler) <jesler at ...3461...> wrote:
>>  On Jun 11, 2014, at 12:01 PM, Martijn van Oosterhout <kleptog at ...3054....>
>> wrote:
>> Snort version:, but appears to affect older versions as well
>>  I have to ask…  Did you replicate it with the current shipping version?
> Fails there too. Attached are two typescript outputs for two successive
> runs on, using a pristine tarball from the website built with
> ./configure --enable-debug. The only difference between the two runs is the
> comment symbol in the snort.conf. As to why Nicholas can't reproduce it, I
> don't know. I've included the md5sums of the config files to see if there
> are other possibilities.
> I also checked with strace that it was loading the correct config files.
Ok, I've tested on every version on the git repo
https://github.com/jasonish/snort in an attempt to bisect it, but it's
broken even in the oldest version there. So I've tested it on:

And it's reproducible on all of them. Anyone else having any luck?

Hope this helps,
Martijn van Oosterhout <kleptog at ...2499...> http://svana.org/kleptog/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20140613/b5c1505f/attachment.html>

More information about the Snort-devel mailing list