[Snort-devel] preprocessor stream5_global prune_log_max 0

Victor Roemer viroemer at ...3461...
Fri Mar 27 14:02:12 EDT 2015


Elof, I'm aware of changes to Snort which we've added new "config:" 
options to make Stream5 less noisy. I'll have to check but they should 
be in the next major release.

~Victor

On 03/27/15 9:20, elof at ...969... wrote:
>> Will this bug ever be fixed?
>>
>> See my initial report from 2 years ago, http://seclists.org/snort/2013/q1/952
>> and the proposed solution by Gregory in http://seclists.org/snort/2013/q1/967
>
> I tried to mute the flood of prune-messages by setting prune_log_max to 1073741824, but it still spam my syslog. :(
>
> Perhaps you should review the logging mechanism? I think setting
> prune_log_max to either 0 or the maximum value should disable the logging
> completely.
>
>
>
>
> I then tried an even higher value, to make it shut up, but then I get:
>
> snort[64286]: FATAL ERROR: snort.conf(178) => Invalid Prune Log Max.  Must be 0 (disabled) or between 1024 and 1073741824
>
>
> So I revert back to filtering the spam in my syslog-conf instead. :-/
>
> /Elof
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!




More information about the Snort-devel mailing list