[Snort-users] Snort -T and -K in 2.4.1

Zultan zultan at ...13388...
Sat Sep 17 18:49:20 EDT 2005


Has anyone else noticed this?

In version 2.4.1, -T runs as before 2.4.0, but it now wants a "-K ascii" or a "-K none". "-K pcap" or no -K at all fails, regardless of the output line in snort.conf. For example...

"snort -Toc /etc/snort/snort.conf"
or...
"snort -K pcap -Tc /etc/snort/snort.conf"

fails with this:


| gen-id=1      sig-id=2001580    type=Both      tracking=src count=200 seconds=60
| gen-id=1      sig-id=3543       type=Threshold tracking=src count=5   seconds=2
| gen-id=1      sig-id=2001553    type=Threshold tracking=src count=100 seconds=60
+-----------------------[suppression]------------------------------------------
| none
-------------------------------------------------------------------------------
Rule application order: ->pass->activation->dynamic->alert->log->drop
Log directory = /var/log/snort
Segmentation fault

###################

However, these finish normally.

"snort -K none -Tc /etc/snort/snort.conf"
or...
"snort -K ascii -Tc /etc/snort/snort.conf"

returns this:


Snort sucessfully loaded all rules and checked all rule chains!
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1)
Overhead blocks: 1 Could Hold: (0)
IPV4 count: 0 frees: 0
low_time: 0, high_time: 0, diff: 0h:00:00s
    finds: 0 reversed: 0(%0.000000)
    find_sucess: 0 find_fail: 0
percent_success: (%0.000000) new_flows: 0
Snort exiting



