[Snort-openappid] Large amounts of getShortHostFormat entries
jlay at ...45...
Thu May 21 12:42:13 EDT 2015
It is absolutely 241....however, the FIRST problem is that I'm an idiot
:) The second issue was I had two copies of odp, one in /opt, the other
in /opt/share, the latter being where snort was pointing and I hadn't
updated 8-| (user) Problem solved...thanks Cliff.
On 2015-05-21 09:24 AM, Cliff Judge (cljudge) wrote:
> What does your /opt/share/odp/version.conf say? It should be 241.
> That's what I see when I pull down and extract the latest ODP from
> From: James Lay [jlay at ...45...]
> Sent: Thursday, May 21, 2015 11:02 AM
> To: Cliff Judge (cljudge)
> Cc: openappid
> Subject: RE: [Snort-openappid] Large amounts of getShortHostFormat
> On 2015-05-21 07:45 AM, Cliff Judge (cljudge) wrote:
>> Hello James,
>> Thank you for your email. It is possible that the client_tds detector
>> is inspecting traffic that is not TDS, and is complaining because some
>> packets are missing fields that it thinks should be there.
>> But there was a bug we fixed several months ago which might also cause
>> this type of error. To make sure nothing weird is going on, could you
>> please run the following on your openappid box and paste the output:
>> grep getShortHost /opt/share/odp/lua/client_tds.lua
>> From: James Lay [jlay at ...45...]
>> Sent: Thursday, May 21, 2015 8:42 AM
>> To: openappid
>> Subject: [Snort-openappid] Large amounts of getShortHostFormat entries
>> Topic says it...just updated this morning to the latest odp and yeesh:
>> May 21 06:23:24 gateway snort: client
>> /opt/share/odp/lua/client_tds.lua: error validating [string ""]:151:
>> attempt to call global 'getShortHostFormat' (a nil value)
>> at least 68 in the last 30 minutes.
> Here it is..thank you.
> tdsLength = getShortHostFormat(tdsLength)
More information about the Snort-openappid