[Snort-users] trap to HPOV causes failure
rnoonan at ...5308...
Mon Mar 18 12:41:06 EST 2002
On Friday 15 March 2002 09:26, Rob Hughes wrote:
> Pick trap or inform, not both. I run snort to an OV box running on
> Solaris and don't have any issues, but I only use informs, not traps and
> informs.If it still dies, let me know and I'll beat on it some and see
> if I can beat Marty for once ;)
Hmph...don't know what I was thinking trying to debug that with both enabled.
Taking your advice, I removed the trap line and snort still died. I removed
the inform line and put back the trap line and snort runs happily. In a
sense that resolves it form me, since I'm happy with just the traps.
However, I'm also happy to pursue this further with you or anyone else that
is interested in more test results from my end. Sadly, I'm unqualified to
pursue this on my own WRT code debugging, but it would seem the inform
response from my version of OV is causing snort to die. BTW, something I
left out of my earlier message is that our OV host is Win2k Server SP2. I
don't directly admin the box, but it's safe to assume it's reasonably
up on the latest patches.
Thanks again for the troubleshooting advice and let me know if there's
anything I can do to help further confirm/deny the existence of a bug.
More information about the Snort-users