[Snort-users] snort core dumping SOLUTION
roesch at ...1935...
Fri Oct 26 15:15:10 EDT 2001
This is actually a Snort parser problem too, you managed to fake out the
validator. I've written code that will catch this condition and checked
it into CVS.
Leonardo Rodrigues wrote:
> Wow ..... sorry ..... seems it's not a snort problem, it's my
> problem :)
> snort.conf rules were wrong, they were:
> log tcp any any -> any 80 (MSG"HTTP";logto:"http.log";)
> log tcp any 80 -> any any (MSG"HTTP";logto:"http.log";)
> You could notice it's missing the ':' right after MSG .... included
> that and snort loads fine !!
> Thanks for all answers ...
> Suggestion for developers .... shouldn't snort parse rules and simply
> ignore errors, without core dumping ????
> Leonardo Rodrigues
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
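
The condition discussed in this thread (an option keyword not followed by ':'), shown as an added example; this is not Snort's parser or the fix checked into CVS. The hypothetical `check_rule_options` rejects a malformed option body with an error instead of crashing, and the option grammar it assumes (`keyword;` or `keyword:value;`) is a simplification.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Validate the option body of a rule (the text between '(' and ')').
 * Assumed grammar: each option is `keyword;` or `keyword:value;`.
 * Returns 0 if all options are well formed, else -1 with a message in err. */
int check_rule_options(const char *body, char *err, size_t errlen)
{
    const char *p = body;
    while (*p) {
        while (isspace((unsigned char)*p)) p++;
        if (*p == '\0') break;
        const char *kw = p;
        while (isalnum((unsigned char)*p) || *p == '_') p++;
        int kwlen = (int)(p - kw);
        if (kwlen == 0) {
            snprintf(err, errlen, "expected option keyword at \"%.16s\"", kw);
            return -1;
        }
        while (isspace((unsigned char)*p)) p++;
        if (*p == ':') {
            int in_quote = 0;
            /* Scan the value up to ';', ignoring ';' inside a quoted string. */
            for (p++; *p && (in_quote || *p != ';'); p++) {
                if (*p == '\\' && p[1]) p++;          /* skip escaped character */
                else if (*p == '"') in_quote = !in_quote;
            }
            if (in_quote) {
                snprintf(err, errlen, "option \"%.*s\": unterminated quote", kwlen, kw);
                return -1;
            }
        }
        if (*p != ';') {  /* e.g. MSG"HTTP": keyword runs straight into the value */
            snprintf(err, errlen, "option \"%.*s\": expected ':' after keyword and ';' at end", kwlen, kw);
            return -1;
        }
        p++;
    }
    return 0;
}

int main(void)
{
    char err[128];
    /* Constructed input: option body of the rule quoted in the thread. */
    if (check_rule_options("MSG\"HTTP\";logto:\"http.log\";", err, sizeof err) != 0)
        printf("rejected: %s\n", err);
    return 0;
}
```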