Snort mailing list archives

Snort -T and -K in 2.4.1


From: Zultan <zultan () mad scientist com>
Date: Sun, 18 Sep 2005 01:48:27 +0000

Has anyone else noticed this?

In version 2.4.1, -T runs as before 2.4.0, but it now wants a "-K ascii" or a "-K none". "-K pcap" or no -K at all fails, regardless of the output line in snort.conf. For example...

"snort -Toc /etc/snort/snort.conf"
or...
"snort -K pcap -Tc /etc/snort/snort.conf"

fails with this


| gen-id=1      sig-id=2001580    type=Both      tracking=src count=200 seconds=60
| gen-id=1      sig-id=3543       type=Threshold tracking=src count=5   seconds=2
| gen-id=1      sig-id=2001553    type=Threshold tracking=src count=100 seconds=60
+-----------------------[suppression]------------------------------------------
| none
-------------------------------------------------------------------------------
Rule application order: ->pass->activation->dynamic->alert->log->drop
Log directory = /var/log/snort
Segmentation fault

###################

However these finish normally.

"snort -K none -Tc /etc/snort/snort.conf"
or...
"snort -K ascii -Tc /etc/snort/snort.conf"

returns this


Snort sucessfully loaded all rules and checked all rule chains!
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1)
Overhead blocks: 1 Could Hold: (0)
IPV4 count: 0 frees: 0
low_time: 0, high_time: 0, diff: 0h:00:00s
    finds: 0 reversed: 0(%0.000000)
    find_sucess: 0 find_fail: 0
percent_success: (%0.000000) new_flows: 0
Snort exiting
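
An added example, not part of the original post: a POSIX shell check that runs the -T self-test once per -K mode named in the report and separates a crash (exit status above 128, such as 139 for SIGSEGV) from an ordinary non-zero exit. The function names and the SNORT_BIN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: run "snort -T" under each -K logging mode and report
# whether the self-test passed, failed normally, or died from a signal.

# classify_status STATUS
# Prints "ok", "signal:<N>" (11 = SIGSEGV) or "fail:<STATUS>".
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -gt 128 ]; then
        # A shell reports a child killed by signal N as status 128+N.
        echo "signal:$(( $1 - 128 ))"
    else
        echo "fail:$1"
    fi
}

# test_snort_conf SNORT_BIN CONF
# Prints one "<mode> <result>" line per -K mode; returns 1 if any mode
# did not pass, so a segfault cannot be mistaken for a clean run.
test_snort_conf() {
    tsc_bin=$1
    tsc_conf=$2
    tsc_rc=0
    for tsc_mode in none ascii pcap; do
        tsc_status=0
        "$tsc_bin" -K "$tsc_mode" -T -c "$tsc_conf" >/dev/null 2>&1 || tsc_status=$?
        tsc_result=$(classify_status "$tsc_status")
        echo "$tsc_mode $tsc_result"
        [ "$tsc_result" = "ok" ] || tsc_rc=1
    done
    return "$tsc_rc"
}

# Usage: ./check-snort-conf.sh /etc/snort/snort.conf
# SNORT_BIN (hypothetical variable) overrides the binary to test.
if [ "$#" -ge 1 ]; then
    test_snort_conf "${SNORT_BIN:-snort}" "$1"
fi
```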



