[Snort-users] Barnyard and ACID question

Wozz wozz+snort at ...471...
Wed Nov 7 00:21:02 EST 2001


On Tue, Nov 06, 2001 at 10:14:34PM -0800, Andrew R. Baker wrote:
> Steve Halligan wrote:
> > 
> > I am having this problem also.  OpenBSD 2.9-release here.  Barnyard from CVS
> > today.  snort-unified-logfile is attached.
> > I also noticed that sometimes (although not in this logfile, I believe)  the
> > ordering of the source ip address backwards also a.b.c.d becomes d.c.b.a.
> > The dest ip is unaffected.
> 
> I have fixed the problem with byteswapped port numbers in the db output
> plugin.  The new code is in CVS.  It was a case where I was converting a
> number that had already been converted.  As for reversed IP addresses, I
> would be interested in seeing the log file where this happens.  I
> checked all of the places where the src IP is inserted and they all look
> okay.  
> 

FWIW, I've never seen this problem, just the port problem consistantly.
Thanks for the fix, I'll upgrade and see how it works.




More information about the Snort-users mailing list