Snort mailing list archives

Snort rules trouble.


From: Jason Gauthier <jgauthier () lastar com>
Date: Fri, 21 Jun 2002 12:21:16 -0400

Greetings-

I just installed snort, so I'm a completely new user. I've been reading many
documents about set up, configs, etc.  I realize snort is a complicated
piece of software.


Anyway, I compiled and installed snort without issue.  I extracted the
rules, read the documentation on how to start it.  I edited a snort.conf, and
was ready to go.

I executed:

/opt/snort/bin/snort -dev -l /opt/snort/logs -c /opt/snort/etc/snort.conf

Starts up and then errors out:
ERROR /opt/snort/rules/bad-traffic.rules(19) => Bad protocol name ">134"

Eh, not too bad. So I read some more, and then edit the rule.
I decide to comment it out, so I can fix it later, for now, I would like to
get snort running.

Immediately follows:
ERROR: /opt/snort/rules/exploit.rules(7) => Unknown keyword "flow" in rule!

So, I check out this rule file and notice they all have "flow" in them.
I now decide something is completely wrong :)

This is "current", as I had the same problems with the rules with 1.8.6.

Appreciate any insight.

