Snort mailing list archives
Re: snort-stat warnings
From: Joel Esler <eslerj () gmail com>
Date: Mon, 4 Aug 2008 09:08:13 -0400
Well, the below alerts are preprocessor alerts from the http_inspect preprocessor.
The biggest problem that I see is that you are using 2.3.3, which is many many versions old.
That would be the first step. Joel On Aug 4, 2008, at 6:25 AM, Adam D. Barratt wrote:
Hi,We're running snort 2.3.3-11 on Debian etch, and for the past few days thecron.daily job has been generating a number of "Warning, file may be incomplete" messages. After a little experimentation, it appears that this is due to/var/log/snort/alert containing the "header" line for a number of alerts repeated (either that or the remaining data from the first item being lost);for example: [...] [[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]] [[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]] [...]Does anyone know what causes this, and whether it's anything we need to beworried about? Cheers, Adam -------------------------------------------------------------------------This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the worldhttp://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Joel Esler http://blog.joelesler.net http://www.dearcupertino.com [m]
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort-stat warnings Adam D. Barratt (Aug 04)
- Re: snort-stat warnings Joel Esler (Aug 04)