[Snort-users] Garbage in snort logs

Phil Wood cpw at ...440...
Tue Jan 8 10:21:04 EST 2002


On Tue, Jan 08, 2002 at 08:57:57AM +1300, russell wrote:
> Hi Phil,
> 	Thanks for your response to my snort query...
> 
> > Please send me your config file which should have something like this
> > for preprocessors:
> 
> Here are all the preprocessor directives from the config file:
> 
> preprocessor frag2
> preprocessor stream4: noalerts
> preprocessor frag2
               ^     could be a problem since you already set it above
> preprocessor http_decode: 80 
> preprocessor rpc_decode: 111 
> preprocessor telnet_decode
> 
> And the snort version info:
> 
> rful011 at ...4489...:~$ snort -V 
> 
> -*> Snort! <*-
> Version 1.8.3 (Build 88)
> By Martin Roesch (roesch at ...1935..., www.snort.org)

  good version.

> 
> Cheers and thanks, Russell.
> 

  Well aside from the multiple frag2's I'd say the config should work just
fine.  I was seeing things like you mentioned when using a version less then
1.8.3 build 88.

> -- 
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland,  New Zealand
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood, cpw at ...440...





More information about the Snort-users mailing list