[Snort-users] Snort 2.0.0 logging everything when using (session: printable)

McKim, Tim McKim at ...5996...
Tue Apr 29 07:51:10 EDT 2003


I just put snort 2.0.0 on a new install of RH 9. When trying to use my local
rules, I noticed that snort was logging all traffic -regardless of the
rules. After some testing, it appears that when I use (session: printable;)
in any rule it causes this behavior. These rules worked fine in 1.9.1 but
now using them fills my logs with extraneous data. Does anyone have any idea
as to the cause of this behavior, and more importantly how to correct it?

Thanks,

Tim McKim 




More information about the Snort-users mailing list