[Snort-users] beta 6 reports...

Martin Roesch roesch at ...421...
Thu Nov 30 01:02:26 EST 2000


That looks like a f'd up message string, have you checked the rules file to
make sure that all the message strings are valid?  Could be the strftime
function screwing up as well...

     -Marty

Bill Pennington wrote:
> 
> I do ot know if this is related since I have have it for a while...
> 
> I have been getting these entries in my logs since 1.7 b1 Sorry it has taken
> me so long to speak up :-)
> 
> I am running beta 5 now..
> 
> Nov 29 08:10:59 skinnypig snort[9311]:
> pí^Q at ...887...í^Q at ...888...í^Q at ...888...í^Q@í^Q@í^Q@í^Q@í^Q@í^Q@í^Q@í^Q@í^Q@ í^Q@ í^Q@¨í^Q@¨í
> ^Q@°í^Q@°í^Q@¸í^Q@¸í^Q@Àí^Q@Àí^Q@Èí^Q@Èí^Q@Ðí^Q@Ðí^Q@Øí^Q@Øí^Q@àí^Q@àí^Q@èí^
> Q@èí^Q@ðí^Q@ðí^Q@øí^Q@øí^Q@: 207
> .126.101.100:119 -> 64.121.221.194:2820
> Nov 29 08:48:07 skinnypig snort[9311]:
> pí^Q at ...887...í^Q at ...888...í^Q at ...888...í^Q@í^Q@í^Q@í^Q@í^Q@í^Q@í^Q@í^Q@í^Q@ í^Q@ í^Q@¨í^Q@¨í
> ^Q@°í^Q@°í^Q@¸í^Q@¸í^Q@Àí^Q@Àí^Q@Èí^Q@Èí^Q@Ðí^Q@Ðí^Q@Øí^Q@Øí^Q@àí^Q@àí^Q@èí^
> Q@èí^Q@ðí^Q@ðí^Q@øí^Q@øí^Q@: 206
> .204.55.43:17562 -> 64.121.221.194:2908
> 
> Snort command line:
> 
> /usr/local/bin/snort -A full -c /etc/snort/vision.conf -d -D -e -s
> 
> Snort version:
> 
> [root at ...889... bin]# /usr/local/bin/snort -V
> 
> -*> Snort! <*-
> Version 1.7-beta5
> By Martin Roesch (roesch at ...66..., www.snort.org)
> [root at ...889... bin]#
> 
> Uname says:
> 
> [root at ...889... bin]# uname -a
> Linux 2.2.14-5.0 #1 Tue Mar 7 20:53:41 EST 2000 i586 unknown
> [root at ...889... bin]#
> 
> Running RH 6.2
> 
> I will grab beta 6 to see if it fixes the problem.
> 
> ----- Original Message -----
> From: "Martin Roesch" <roesch at ...421...>
> To: "snort-users" <snort-users at lists.sourceforge.net>
> Cc: "snort-dev" <snort-devel at lists.sourceforge.net>
> Sent: Wednesday, November 29, 2000 10:47 AM
> Subject: [Snort-users] beta 6 reports...
> 
> > Well, so far no one has reported any crashes or unexpected behavior with
> beta
> > 6, could it possibly be stable? :)
> >
> >
> > --
> > Martin Roesch
> > roesch at ...421...
> > http://www.snort.org
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org



More information about the Snort-users mailing list