[Snort-users] Upgrade Issues

Cody Holland cholland at ...13959...
Mon Oct 30 11:51:46 EST 2006


Ok, I am in the process of replacing one of my sensors with a 2.6.x sensor.
The old one, running 2.4.x, is still in place. I've set up two monitor ports
on our Cisco switch so both are running at the same time. I've noticed two
things that are concerning me.
1. I'm just running snort in verbose mode, snort -i fxp1 -v, and comparing
results. The 2.6.x server is showing far fewer hits than the old one.

2. The new server is also getting a lot of Not IPv4 datagram! entries.

I have attached a log file from each of the servers. I'm also digging around
on Google and the forums and am getting some info, but if anyone out there
has any input, it would greatly be appreciated.

Cody
-------------- next part --------------
A non-text attachment was scrubbed...
Name: old_snort.log
Type: application/octet-stream
Size: 9961 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061030/7482bb7c/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: new_snort.log
Type: application/octet-stream
Size: 5622 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061030/7482bb7c/attachment-0001.obj>

