[Snort-users] snort version 2.4.3 not working properly?

Allan P. Magmanlac allan.magmanlac at ...13637...
Mon Nov 21 08:37:04 EST 2005


Hello,
    I'm running version 2.4.3 of snort and here's the issue.

Observe the following...

snort-2.4.3 is the latest we have.
# pwd
/usr/local/src/snort-2.4.3/src
ids1# ./snort -de -l temp -r /var/log/snort/tcpdump.log.1132578001
Running in packet logging mode
Log directory = temp
TCPDUMP file reading mode.
Reading network traffic from "/var/log/snort/tcpdump.log.1132578001" file.
snaplen = 1514
---REST OF OUTPUT OMITTED as there does not seem to be a problem-

Now when I go to temp, a file is created, but it's the same as the dump 
file.
# ls temp
snort.log.1132588776
# diff /var/log/snort/tcpdump.log.1132578001 snort.log.1132588776

PREVIOUS VERSION WORKS FINE...
# pwd
/usr/local/src/snort-2.4.0/src
#  ./snort -de -l temp -r /var/log/snort/tcpdump.log.1132578001
Running in packet logging mode
Log directory = temp
TCPDUMP file reading mode.
Reading network traffic from "/var/log/snort/tcpdump.log.1132578001" file.
snaplen = 1514
---REST OF OUTPUT OMITTED as there does not seem to be a problem-

Now, temp has directories and files that we're expecting.
# ls temp
172.16.2.3 192.168.2.4
...

# ls temp/172.16.2.3
TCP:2209-80     TCP:3055-80     TCP:3209-80
TCP:2363-80     TCP:3111-80     TCP:3338-80

Note the snort binaries were built the same way.
Is this a known issue? Is there an easy fix?

Thanks for the help.





