Snort mailing list archives
Snort creating corrupt binary data logs?
From: "Cloppert, Michael" <Michael.Cloppert () 53 com>
Date: Fri, 29 Nov 2002 10:31:16 -0500
Ladies & gents,

Has anyone seen the following behavior? Running Snort 1.9 on promiscuous interface with binary logging on RedHat LINUX 7.3 i386. Log files created are /var/log/snort/snort.log.*. Many (probably up to 50%) of these binary data files are reported by BOTH tcpdump AND snort (when re-run over the log files for post-mortem analysis) as "pcap_loop: bogus savefile header."

I didn't notice this on 1.8.7 on the same system, same setup... however at that time I wasn't paying as close attention to my binary log files, so it may have been present then as well.

Some google-ing revealed one or two other cases like this, but most were on different systems, or no solution could be found.

I'm using a "killproc snort" in my /etc/rc.d/init.d/snortd script, which is how I believe the .rpm package set it up.

Any comments or help would be greatly appreciated. Thank you.

Michael Cloppert
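One way to triage binary logs like the ones described above, as an added example that is not part of the original post: the script walks the classic libpcap savefile layout (24-byte file header, 16-byte record headers) and reports how many records are intact and the offset where a file stops being consistent. The status names, the 65535-byte ceiling and the sample byte strings are assumptions constructed for the demonstration.

```python
import struct
import sys

MAGIC = 0xA1B2C3D4      # classic libpcap savefile magic
FILE_HDR, REC_HDR = 24, 16
MAX_CAPLEN = 65535      # assumption: sanity ceiling for one captured packet

def check_pcap(data):
    """Return (status, complete_records, offset_where_checking_stopped)."""
    if len(data) < FILE_HDR:
        return ("short-file-header", 0, 0)
    for endian in ("<", ">"):           # the writer's byte order decides the magic
        if struct.unpack(endian + "I", data[:4])[0] == MAGIC:
            break
    else:
        return ("bad-magic", 0, 0)
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    limit = min(snaplen, MAX_CAPLEN) if snaplen else MAX_CAPLEN
    offset, count = FILE_HDR, 0
    while offset < len(data):
        if len(data) - offset < REC_HDR:
            return ("truncated-record-header", count, offset)
        caplen, wirelen = struct.unpack(endian + "II", data[offset + 8:offset + 16])
        if caplen > limit or caplen > wirelen:
            return ("implausible-record-header", count, offset)
        if len(data) - offset - REC_HDR < caplen:
            return ("truncated-packet", count, offset)
        offset += REC_HDR + caplen
        count += 1
    return ("ok", count, offset)

def build_sample(payloads, snaplen=1514):
    """Constructed little-endian savefile used only for the demonstration."""
    out = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, snaplen, 1)
    for p in payloads:
        out += struct.pack("<IIII", 1038583876, 0, len(p), len(p)) + p
    return out

GOOD = build_sample([b"\x00" * 60, b"\x00" * 74])   # constructed sample
CUT = GOOD[:-10]                                     # constructed: last packet cut short
GARBAGE = GOOD[:FILE_HDR] + b"\xff" * REC_HDR        # constructed: junk record header

if __name__ == "__main__":
    # Usage: python check_pcap.py /var/log/snort/snort.log.*
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, *check_pcap(fh.read()))
```

Comparing the reported offset with the file size shows whether a file ends mid-record or carries inconsistent record headers partway through.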
Current thread:
- Snort creating corrupt binary data logs? Cloppert, Michael (Nov 29)
- Re: Snort creating corrupt binary data logs? Phil Wood (Nov 29)
- <Possible follow-ups>
- RE: Snort creating corrupt binary data logs? Cloppert, Michael (Dec 03)