Snort mailing list archives

double logging :(

From: "Dorwin T. Shields, Jr." <dorwin () earthlink net>
Date: Tue, 12 Aug 2003 09:49:46 -0500

Hi,

I'm attempting to capture s mtp sessions in snort.
I capture to a binary file for efficiency then replay into
snort using options -de -r <file> -c <config>.

My config file has only a few rules (if memory serves):
  frag2
  stream4: timeout 60
  stream4_reassembly: client only
  log tcp any any -> any 25 (session: printable;)

I limit to port 25 during the capture.

Every session file I get is twice as large as it should be. It looks
like everything is doubled. Is it something I'm doing or is
this broken? Also, I tried using version 1.9.1 and it did the same thing
on both linux and windows.

Thanks,

Dorwin

Current thread:

double logging :( Dorwin T. Shields, Jr. (Aug 12)
- <Possible follow-ups>
- Double logging :( Dorwin T. Shields, Jr. (Aug 12)
  - Re: Double logging :( Erek Adams (Aug 12)
    - Re: Double logging :( dorwin (Aug 13)
    - Re: Double logging :( Erek Adams (Aug 13)
    - Re: Double logging :( Patrick Dolan (Aug 13)
- Re: Re: Double logging :( Dorwin Shields (Aug 13)