[Snort-openappid] Large amounts of getShortHostFormat entries

James Lay jlay at ...45...
Thu May 21 11:02:08 EDT 2015


On 2015-05-21 07:45 AM, Cliff Judge (cljudge) wrote:
> Hello James,
> 
> Thank you for your email. It is possible that the client_tds detector
> is inspecting traffic that is not TDS, and is complaining because some
> packets are missing fields that it thinks should be there.
> 
> But there was a bug we fixed several months ago which might also cause
> this type of error. To make sure nothing weird is going on, could you
> please run the following on your openappid box and paste the output:
> 
> grep getShortHost /opt/share/odp/lua/client_tds.lua
> 
> ________________________________________
> From: James Lay [jlay at ...45...]
> Sent: Thursday, May 21, 2015 8:42 AM
> To: openappid
> Subject: [Snort-openappid] Large amounts of getShortHostFormat entries
> 
> Topic says it...just updated this morning to the latest odp and yeesh:
> 
> May 21 06:23:24 gateway snort[2465]: client
> /opt/share/odp/lua/client_tds.lua: error validating [string ""]:151:
> attempt to call global 'getShortHostFormat' (a nil value)
> 
> at least 68 in the last 30 minutes.
> 
> James

Here it is..thank you.

tdsLength = getShortHostFormat(tdsLength)

James




More information about the Snort-openappid mailing list