[Snort-users] snort-stat warnings

Joel Esler eslerj at ...11827...
Mon Aug 4 09:08:13 EDT 2008


Well,  the below alerts are preprocessor alerts from the http_inspect  
preprocessor.

The biggest problem that I see is that you are using 2.3.3, which is  
many many versions old.

That would be the first step.

Joel


On Aug 4, 2008, at 6:25 AM, Adam D. Barratt wrote:

> Hi,
>
> We're running snort 2.3.3-11 on Debian etch, and for the past few  
> days the
> cron.daily job has been generating a number of "Warning, file may be
> incomplete" messages.
>
> After a little experimentation, it appears that this is due to
> /var/log/snort/alert containing the "header" line for a number of  
> alerts
> repeated (either that or the remaining data from the first item  
> being lost);
> for example:
>
> [...]
> [[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]]
> [[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]]
> [...]
>
> Does anyone know what causes this, and whether it's anything we need  
> to be
> worried about?
>
> Cheers,
>
> Adam
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's  
> challenge
> Build the coolest Linux based applications with Moblin SDK & win  
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in  
> the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Joel Esler
  http://blog.joelesler.nethttp://www.dearcupertino.com
[m]



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20080804/33565197/attachment.html>


More information about the Snort-users mailing list