[Snort-users] snort core dumping SOLUTION

Martin Roesch roesch at ...1935...
Fri Oct 26 15:15:10 EDT 2001


This is actually a Snort parser problem too, you managed to fake out the
validator.  I've written code that will catch this condition and checked
it into CVS.

     -Marty

Leonardo Rodrigues wrote:
> 
>     Wow ..... sorry ..... seems its not a snort problem, its mine
> problem :)
> 
>     snort.conf rules were wrong, they were:
> 
> log tcp any any -> any 80 (MSG"HTTP";logto:"http.log";)
> log tcp any 80 -> any any (MSG"HTTP";logto:"http.log";)
> 
>     You could notice its missing the ':' right after MSG .... included
> that and snort loads fine !!
> 
>     Thanks for all answers ...
> 
>     Suggestion for developers .... shouldnt snort parse rules and simply
> ignore errors, without core dumping ????
> 
>     Sincerily,
>     Leonardo Rodrigues
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...1935... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org




More information about the Snort-users mailing list