Snort mailing list archives

Snortsnarf 020516.1 and Snort 1.9.0 errors


From: "Eric Joe" <sysop () tje1 com>
Date: Tue, 15 Oct 2002 10:28:01 -0400 (EDT)

Are there any known issues with Snortsnarf 020516.1 and Snort 1.9.0?

Since upgrading to 1.9.0 I get a lot of errors when parsing the alerts file.

Here is the command I use:

perl /home/snort/SnortSnarf/snortsnarf.pl /var/log/snort/alert


And here are some example errors:

unknown alert format for line: TCP Options (4) => MSS: 1460 NOP NOP SackOK
; skipping
unknown alert format for line: TCP TTL:64 TOS:0x0 ID:6512 IpLen:20
DgmLen:60 DF; skipping
unknown alert format for line: ******S* Seq: 0x700AFBA3  Ack: 0x0  Win:
0x16D0TcpLen: 40
; skipping
unknown alert format for line: TCP Options (5) => MSS: 1460 SackOK TS:
427680467 0 NOP WS: 0
; skipping
unknown alert format for line: UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:72 DF
; skipping
unknown alert format for line: Len: 52
; skipping
unknown alert format for line: UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:82 DF
; skipping
unknown alert format for line: Len: 62
; skipping

Thanks

-- 
Eric Joe
Network Operations
Journey's End Internet/Computer Connection Inc



