[Snort-users] Frag Preprocessor Preventing Log Parsing

Gary Flynn flynngn at ...6811...
Tue Apr 29 13:00:14 EDT 2003

Snort 2.0.0. Upgrade

If I enable the frag preprocessor and then attempt to read
the binary log as follows:

snort -d -l ./temp -r snort.log.blah -c /usr/local/snort/snort.conf

I get the following error after Snort prints
its header:

pcap_loop: bogus savefile header

Snort processed 0 packets

Sometimes it processes a few packets and then

As I'm in the process of upgrading and testing
sigs and preprocessors, I'm not sure if its
a bug or something stupid on my part.

Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.

More information about the Snort-users mailing list