Snort mailing list archives
Re: Whitehats rules work :) (was Re: Whitehats rules don't work)
From: Max Vision <vision () whitehats com>
Date: Tue, 5 Jun 2001 07:49:26 -0700 (PDT)
Correction, snort -T -c rulestotest.conf *does* show an error, it's just that classification errors aren't a showstopper. We will now include a check for "Bad Priority setting" error messages when running snort -T on a potential rules export. Sorry about letting it slip before. Max On Tue, 5 Jun 2001, Max Vision wrote:
The relay-or-info-attept classification was accidentally omitted until one of the updates on May 31st, so it has only been fixed for about a week. Thanks to Roeland Weve for reporting the omission. Also the 'snort -T -c rulestotest.conf' doesn't notice if a classfication is missing. I had seen: "Snort sucessfully loaded all rules and checked all rule chains!" Max On Tue, 5 Jun 2001, Fran?ois D?sarm?nien wrote:Mon, 4 Jun 2001 15:48:21 +0530 "Sid" <s_i_d_j () yahoo com> wrote:Hi, I know i've missed something but the vision18.conf i downloaded from whitehats.com doesn't work. It gives a lot of errors while starting snort about bad rules. I think its the classification. Anyway, whats the way out??Yes, you're right : there's a problem with rule #436 which is classified as 'relay-or-info-attempt' that doesn't exist in the classification rules. Either change its tag, add new classification or comment out the rule to have it load. First option seems to me to be the best. Having done that, it works perfectly for me with 1.8beta4. Fran?ois_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Whitehats rules don't work Sid (Jun 04)
- Re: Whitehats rules don't work Chris Green (Jun 04)
- Re: Whitehats rules don't work Max Vision (Jun 04)
- Re: Whitehats rules don't work François Désarménien (Jun 05)
- Whitehats rules work :) (was Re: Whitehats rules don't work) Max Vision (Jun 05)
- Re: Whitehats rules work :) (was Re: Whitehats rules don't work) Max Vision (Jun 05)
- Whitehats rules work :) (was Re: Whitehats rules don't work) Max Vision (Jun 05)
- <Possible follow-ups>
- RE: Whitehats rules don't work Ginnetty, James (Jun 04)
- RE: Whitehats rules don't work Caruso, Ken (Jun 04)
- Fw: Whitehats rules don't work Sid (Jun 04)
- Re: Fw: Whitehats rules don't work Phil Wood (Jun 05)