[Snort-users] maximum length for msg?

Dirk Geschke Dirk_Geschke at ...1344...
Fri Sep 16 06:24:19 EDT 2005


Hi Alex,

> You are correct about that line being present in decode.h. However, that 
> #define doesn't seem to have any effect on Snort's ability to deal with 
> longer msg strings. For example, I tested 2.3.3 and 2.4 with a fake rule 
> designed to maximize the length of that string:

yes, but you did not check all output-plugins:

output-plugins/spo_alert_unixsock.c, line 197:              

 strlen(msg)>ALERTMSG_LENGTH-1 ? ALERTMSG_LENGTH - 1 : strlen(msg));

Ok, I think no one really wants to use a message larger than 255 
bytes...

Best regards

Dirk





More information about the Snort-users mailing list