[Snort-users] Snortsnarf 020516.1 and Snort 1.9.0 errors
hoagland at ...47...
Tue Oct 15 12:37:04 EDT 2002
At 10:28 AM -0400 10/15/02, Eric Joe wrote:
>Are there any known issues with Snortsnarf 020516.1 and Snort 1.9.0?
Soon, I'm going to be getting a new version of SnortSnarf together to
address the issues folks have been having with the output coming out
of Snort 1.9. (Some of these problems are due to bugs in Snort, but
I'll try to work around them.)
I know some folks have already sent me information, but in order to
make sure my coverage is complete enough, can folks tell me (in
private e-mail, not to this list) what output format (e.g., fast
alert format) SnortSnarf is having problems with and if possible some
specific problem alerts.
>Since upgrading to 1.9.0 I get a lot of errors when parsing the alerts file.
>Here is the command I use
>perl /home/snort/SnortSnarf/snortsnarf.pl /var/log/snort/alert
>and here are some example errors
>unknown alert format for line: TCP Options (4) => MSS: 1460 NOP NOP SackOK
>unknown alert format for line: TCP TTL:64 TOS:0x0 ID:6512 IpLen:20
>DgmLen:60 DF; skipping
>unknown alert format for line: ******S* Seq: 0x700AFBA3 Ack: 0x0 Win:
>unknown alert format for line: TCP Options (5) => MSS: 1460 SackOK TS:
>427680467 0 NOP WS: 0
>unknown alert format for line: UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:72 DF
>unknown alert format for line: Len: 52
>unknown alert format for line: UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:82 DF
>unknown alert format for line: Len: 62
>Journey's End Internet/Computer Connection Inc
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland at ...47..., http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|