[Snort-openappid] Large amounts of getShortHostFormat entries

Cliff Judge (cljudge) cljudge at ...5...
Thu May 21 11:24:43 EDT 2015


What does your /opt/share/odp/version.conf say? It should be 241. That's what I see when I pull down and extract the latest ODP from snort.org.

________________________________________
From: James Lay [jlay at ...45...]
Sent: Thursday, May 21, 2015 11:02 AM
To: Cliff Judge (cljudge)
Cc: openappid
Subject: RE: [Snort-openappid] Large amounts of getShortHostFormat entries

On 2015-05-21 07:45 AM, Cliff Judge (cljudge) wrote:
> Hello James,
>
> Thank you for your email. It is possible that the client_tds detector
> is inspecting traffic that is not TDS, and is complaining because some
> packets are missing fields that it thinks should be there.
>
> But there was a bug we fixed several months ago which might also cause
> this type of error. To make sure nothing weird is going on, could you
> please run the following on your openappid box and paste the output:
>
> grep getShortHost /opt/share/odp/lua/client_tds.lua
>
> ________________________________________
> From: James Lay [jlay at ...45...]
> Sent: Thursday, May 21, 2015 8:42 AM
> To: openappid
> Subject: [Snort-openappid] Large amounts of getShortHostFormat entries
>
> Topic says it...just updated this morning to the latest odp and yeesh:
>
> May 21 06:23:24 gateway snort[2465]: client
> /opt/share/odp/lua/client_tds.lua: error validating [string ""]:151:
> attempt to call global 'getShortHostFormat' (a nil value)
>
> at least 68 in the last 30 minutes.
>
> James

Here it is..thank you.

tdsLength = getShortHostFormat(tdsLength)

James



More information about the Snort-openappid mailing list