Re: IPv6 ASCII Logging Error in Windows

[Glenn Geller <ggeller () gmail com>]

Hi Randy,

Are you running Snort on Windows, or Linux?

If Windows, it could be that the colon is not an allowable character for a
windows folder.

Thus, you cannot create a folder called
"2001:0db8:0000:0042:0000:8a2e:0370:7334" for example, in Windows... since
the colon is present.

Just a quick thought, before you get too far down the rabbit hole.

Thanks,

Glenn

On Tue, Oct 18, 2016 at 5:02 PM, Randy Chow <randychow2000 () hotmail com>
wrote:

> Did the snort –v –d –c config file location –K ascii
>
>
>
> Basically saying it cannot create a folder for IPv6 address.  Which should
> be a very big thing I think.  Thank you.
>
>
>
> *From:* Seshaiah Erugu (serugu) [mailto:serugu () cisco com]
> *Sent:* Tuesday, October 18, 2016 6:44 AM
> *To:* Charles Summers (chasumme); Russ Combs (rucombs); bugs () snort org;
> randychow2000 () hotmail com; snort-users () lists sourceforge net
> *Cc:* Manish Dev (mandev); Nageswara Rao A.V.K (navk)
> *Subject:* RE: [Snort-users] IPv6 ASCII Logging Error in Windows
>
>
>
> Hi Randy,
>
>
>
> Could you please provide the command that you are using to run snort also
> provide the Backtrace for the crash.
>
> If Possible please provide the pcap for this issue.
>
>
>
>
>
> Thanks,
>
> Seshaiah Erugu.
>
>
>
> -------- Forwarded Message --------
>
> *Subject: *
>
> [Snort-users] IPv6 ASCII Logging Error in Windows
>
> *Date: *
>
> Thu, 13 Oct 2016 03:38:06 +0000
>
> *From: *
>
> Randy Chow <randychow2000 () hotmail com> <randychow2000 () hotmail com>
>
> *To: *
>
> snort-users () lists sourceforge net <snort-users () lists sourceforge net>
> <snort-users () lists sourceforge net>
>
>
>
> Hello everyone, hopefully someone can help.  I have snort all configured and running until it hits a IPv6 packet then 
> fails to make directory and crashes out.  I use ascii to log as I just want it organized nicely by folders.  People 
> are saying use -b, but that does not allow desperate folders for each IP.  I can use an older version to disable 
> IPv6, but it is not suggested. Thank you.
>
> ------------------------------------------------------------------------------
>
> Check out the vibrant tech community on one of the world's most
>
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>
> _______________________________________________
>
> Snort-users mailing list
>
> Snort-users () lists sourceforge net
>
> Go to this URL to change user options or unsubscribe:
>
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
> Snort-users list archive:
>
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
>
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!