Re: VRT Release 2010-02-23 uses "detection_filter"

["evilghost () packetmail net" <evilghost () packetmail net>]

While it is in poor taste to reply to my own message, in this case it's 
necessary.  For those who have elected to upgrade or are planning to 
upgrade to 2.8.5.3 as a result of the VRT rule changes please be advised 
that the -L flag does not work in 2.8.5.3.  Evidently this is a known 
issue (I did report it to the team) and has been resolved in 2.8.6 RC.  
There is no "known bugs" listing/document in 2.8.5.3, instead, this bug 
is identified and corrected in 2.8.6 RC change log.

In my environment this caused some havoc as the -L flag was used to 
separate logging for multiple BPF flow-pinned instances.  The -L flag is 
ignored and all files log to snort.log.{epoch}.  There could be file 
contention and clobbering as multiple instances attempt to write to the 
same file; I have not investigated this further to see if this is indeed 
the case.

I used the -l flag to dump the files into a separate directory using the 
same naming convention as the now defunct -L flag used.

-evilghost

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs