[Snort-openappid] Large amounts of getShortHostFormat entries

Cliff Judge (cljudge) cljudge at ...5...
Thu May 21 09:45:27 EDT 2015


Hello James,

Thank you for your email. It is possible that the client_tds detector is inspecting traffic that is not TDS, and is complaining because some packets are missing fields that it thinks should be there. 

But there was a bug we fixed several months ago which might also cause this type of error. To make sure nothing weird is going on, could you please run the following on your openappid box and paste the output: 

grep getShortHost /opt/share/odp/lua/client_tds.lua

________________________________________
From: James Lay [jlay at ...45...]
Sent: Thursday, May 21, 2015 8:42 AM
To: openappid
Subject: [Snort-openappid] Large amounts of getShortHostFormat entries

Topic says it...just updated this morning to the latest odp and yeesh:

May 21 06:23:24 gateway snort[2465]: client /opt/share/odp/lua/client_tds.lua: error validating [string ""]:151: attempt to call global 'getShortHostFormat' (a nil value)

at least 68 in the last 30 minutes.

James




More information about the Snort-openappid mailing list