[Snort-openappid] Large amounts of getShortHostFormat entries
Cliff Judge (cljudge)
cljudge at ...5...
Thu May 21 11:24:43 EDT 2015
What does your /opt/share/odp/version.conf say? It should be 241. That's what I see when I pull down and extract the latest ODP from snort.org.
From: James Lay [jlay at ...45...]
Sent: Thursday, May 21, 2015 11:02 AM
To: Cliff Judge (cljudge)
Subject: RE: [Snort-openappid] Large amounts of getShortHostFormat entries
On 2015-05-21 07:45 AM, Cliff Judge (cljudge) wrote:
> Hello James,
> Thank you for your email. It is possible that the client_tds detector
> is inspecting traffic that is not TDS, and is complaining because some
> packets are missing fields that it thinks should be there.
> But there was a bug we fixed several months ago which might also cause
> this type of error. To make sure nothing weird is going on, could you
> please run the following on your openappid box and paste the output:
> grep getShortHost /opt/share/odp/lua/client_tds.lua
> From: James Lay [jlay at ...45...]
> Sent: Thursday, May 21, 2015 8:42 AM
> To: openappid
> Subject: [Snort-openappid] Large amounts of getShortHostFormat entries
> Topic says it...just updated this morning to the latest odp and yeesh:
> May 21 06:23:24 gateway snort: client
> /opt/share/odp/lua/client_tds.lua: error validating [string ""]:151:
> attempt to call global 'getShortHostFormat' (a nil value)
> at least 68 in the last 30 minutes.
Here it is..thank you.
tdsLength = getShortHostFormat(tdsLength)