[Snort-users] Snort creating corrupt binary data logs?
Michael.Cloppert at ...5884...
Fri Nov 29 07:32:04 EST 2002
Ladies & gents,
Has anyone seen the following behavior?
Running Snort 1.9 on promiscuous interface with binary logging on RedHat
LINUX 7.3 i386. Log files created are /var/log/snort/snort.log.*. Many
(probably up to 50%) of these binary data files are reported by BOTH tcpdump
AND snort (when re-run over the log files for post-mortem analysis) as
"pcap_loop: bogus savefile header." I didn't notice this on 1.8.7 on the
same system, same setup... however at that time I wasn't paying as close
attention to my binary log files, so it may have been present then as well.
Some googling revealed one or two other cases like this, but most were on
different systems, or no solution could be found.
I'm using a "killproc snort" in my /etc/rc.d/init.d/snortd script, which is
how I believe the .rpm package set it up. Any comments or help would be
greatly appreciated. Thank you.
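
One way to triage the snort.log.* files described above, as an added example that is not part of the original post: walk each file's classic pcap layout (24-byte file header, then a 16-byte header per packet) and report where the structure first stops being valid. The names check_pcap and make_sample, the 65535-byte ceiling and the sample bytes are assumptions constructed for illustration.

```python
import struct
import sys

# Classic pcap magic as stored on disk, mapped to struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
MAX_CAPLEN = 65535  # assumption: sanity ceiling for one captured packet

def check_pcap(data):
    """Return (status, intact_records, offset_of_problem_or_end)."""
    if len(data) < 24:
        return ("truncated-file-header", 0, 0)
    endian = MAGICS.get(data[:4])
    if endian is None:
        return ("bad-magic", 0, 0)
    offset, good = 24, 0  # packet records start after the 24-byte file header
    while offset < len(data):
        if len(data) - offset < 16:
            return ("truncated-record-header", good, offset)
        # Record header: ts_sec, ts_usec, captured length, length on the wire.
        _sec, _usec, caplen, _wirelen = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if caplen > MAX_CAPLEN:
            return ("bogus-record-header", good, offset)
        if offset + 16 + caplen > len(data):
            return ("truncated-packet-data", good, offset)
        offset += 16 + caplen
        good += 1
    return ("ok", good, offset)

def make_sample(records=2):
    """Constructed sample: little-endian file header plus 4-byte packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
    for i in range(records):
        out += struct.pack("<IIII", 1038573124 + i, 0, 4, 4) + b"\x00" * 4
    return out

if __name__ == "__main__":
    # Usage: python check_pcap.py /var/log/snort/snort.log.*
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            status, good, offset = check_pcap(fh.read())
        print(f"{path}: {status} ({good} intact records, offset {offset})")
```

A file that reports a truncated record or truncated packet data at its very end was most likely cut off mid-write, while a bad magic or a bogus record header early in the file points to damage elsewhere.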