[Snort-users] maximum length for msg?
Dirk_Geschke at ...1344...
Fri Sep 16 06:24:19 EDT 2005
> You are correct about that line being present in decode.h. However, that
> #define doesn't seem to have any effect on Snort's ability to deal with
> longer msg strings. For example, I tested 2.3.3 and 2.4 with a fake rule
> designed to maximize the length of that string:
yes, but you did not check all output-plugins:
output-plugins/spo_alert_unixsock.c, line 197:
strlen(msg)>ALERTMSG_LENGTH-1 ? ALERTMSG_LENGTH - 1 : strlen(msg));
Ok, I think no one really wants to use a message larger than 255
More information about the Snort-users