[Snort-openappid] [Snort-OpenAppID] "Missing session" log is coming

hitesh menghani menghanihitesh at ...8...
Fri Sep 5 03:15:15 EDT 2014


Hi,

I am attaching the configuration file and traffic file (logged in sniffer
mode).
In this scenario I am testing for "http" traffic, but each time http traffic
passes through it, the "Missing session" log is coming.

I also observed:
When I change the *max_tcp* parameter of the *stream5* preprocessor and reload
snort, the app (http in my case) gets detected and the frequency of "Missing
session" logs is reduced while snort is in the running state.
After a snort restart, again only "Missing session" logs are coming.


---
Thanks & Regards,
Hitesh Menghani


On Fri, Sep 5, 2014 at 12:06 AM, Costas Kleopa (ckleopa) <ckleopa at ...5...>
wrote:

>  Hitesh,
>
>  Can you send us your configuration file for this, and where the
> OpenAppID has been installed?
> Can you also send us the traffic that we should have been detecting?
>
>  Thanks
> Costas
>
>
>   From: hitesh menghani <menghanihitesh at ...8...>
> Date: Thursday, September 4, 2014 at 3:22 AM
> To: "snort-openappid at lists.sourceforge.net" <
> snort-openappid at lists.sourceforge.net>
> Subject: [Snort-openappid] [Snort-OpenAppID]"Missing session" log is
> coming
>
>   Problem-
>
>  I am testing snort-2.9.7.0_beta with latest OpenAppID.
> My configuration is ok and traffic is also coming to snort, but it is not
> getting detected.
> Each time I send traffic through snort, it logs the "Missing session" log and
> returns.
>
>  I have also gone through the code and found the "Missing session" log in the files below:
> src/dynamic-preprocessors/appid/detector_plugins/detector_sip.c
> src/dynamic-preprocessors/appid/fw_appid.c
>
>  What would be the problem?
>
>  --
>  ---
> Thanks & Regards,
>  Hitesh Menghani
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: http.log
Type: text/x-log
Size: 233928 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20140905/8d39609e/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort.conf
Type: application/octet-stream
Size: 6698 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20140905/8d39609e/attachment.obj>

