[Snort-users] use of BPF in 1.8.7beta6 might be broken
scheidell at ...5171...
Sun Jun 9 19:42:01 EDT 2002
Might be two problems with bpf filter usage in snort 1.8.7beta6
Problem one (already reported)
HUP does not release the fd that opened the bpf filter.
Check with lsof: one fd open for /usr/local/share/snort/snort.bpf.
SIGHUP snort: two fds, same file.
Yep, snort won't log anything except spp_stream4 stuff if I use a bpf
-*> Snort! <*-
Version 1.8.7beta6 (Build 121)
/usr/local/bin/snort -doDI -m 022 -z \
-F /usr/local/share/snort/snort.bpf \
-c /usr/local/etc/snort.conf -i rl0 -l /var/log/snort
Remove the -F line and all is fine.
not src host 10.1.1.10
SECNAP Network Security, LLC
(561) 368-9561 scheidell at ...5171...