[Snort-users] Hogger 0.1.3 released

Andy Berryman aberryman at ...14765...
Mon Mar 22 10:57:38 EDT 2010


Parker,

 

Here are the first 5 lines. I did a Google search and saw on the Snort
forums someone got the same error, but theirs was b/c the XML file had
the version number and other info at the top. I have none of that.

 

<SNORT_ATTRIBUTES>
  <ATTRIBUTE_TABLE>
    <HOST IP="10.27.1.4">
      <OPERATING_SYSTEM>
       <NAME ATTRIBUTE_VALUE="Windows" CONFIDENCE="90"></NAME>

 

 

 

Thanks,

Andy 

 

 

From: Crook, Parker [mailto:Parker_Crook at ...14786...] 
Sent: Monday, March 22, 2010 9:52 AM
To: Andy Berryman
Cc: snort-users at lists.sourceforge.net
Subject: RE: Re: [Snort-users] Hogger 0.1.3 released

 

Andy,

 

This bug was the reason for the changes made in 0.1.3, where the XML
output was in the incorrect format.  I just downloaded the current
tarball and ran it on my nmap files and diffed them with my working
attribute table that Snort is currently using and came up with no
differences.  Is it possible for you to send me the first 5 lines
(obfuscated of course)?

 

Thanks,

Parker

 

________________________________

From: Andy Berryman [mailto:aberryman at ...14765...] 
Sent: Monday, March 22, 2010 10:31 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Hogger 0.1.3 released

 

I'm trying to use hogger and I've got the host_attrib_table.xml file
created. But when I add the line to my snort.conf I get an error. 

 

Line I'm adding: attribute_table filename /etc/snort/host_attrib_table.xml

 

Error I get: "Invalid Attribute Table specification:
'/etc/snort/host_attrib_table.xml' Please verify the grammar at or near
line2 (tag '<')."

  "failed to load attribute table from /etc/snort/host_attrib_table.xml"

 

Any tips? I compiled snort this morning and I had the
--enable-targetbased in the ./configure line

 

 

I'm running snort 2.8.5.3 and the conf file that comes with the
download.

 

Thanks,

Andy Berryman

 

 

________________________________

This message from Cymtec Systems, Inc. contains confidential information
and is solely for the use of the recipient(s) named above. If you are
not the intended recipient or an agent responsible for delivering it to
the intended recipient, you are hereby notified that you have received
this message in error and that any review, disclosure, copying,
distribution or use of the contents of this message is strictly
prohibited. If you have received this message in error, please destroy
it immediately and notify Cymtec Systems, Inc. by telephone at
+1.314.993.8700 or by return e-mail.
