Snort mailing list archives
RE: Snort rules touble.
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Fri, 21 Jun 2002 10:48:36 -0600
On occasion things that might cause these type of errors, especially if everything configured and compiled fine are syntax errors in the rules files or the snort.conf file. Perhaps you could go back through the files that you recently changed and find the sections that you edited and see if there is a missing semicolon, colon or parentheses or anything pertaining to syntax. -----Original Message----- From: Jason Gauthier [mailto:jgauthier () lastar com] Sent: Friday, June 21, 2002 10:21 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort rules touble. Greetings- I just installed snort, so I'm a completely new user. I've been reading many documents about set up, configs, etc. I realize snort is a complicated piece of software. Anyway, I compiled and installed snort without issue. I extracted the rules, read the documentation on how to start it. I edit a snort.conf, and was ready to go. I executed: /opt/snort/bin/snort -dev -l /opt/snort/logs -c /opt/snort/etc/snort.conf Starts up and the errors out: ERROR /opt/snort/rules/bad-traffic.rules(19) => Bad protocol name ">134" Eh, Not too bad. So i read some more, and then edit the rule. I decide to comment it out, so I can fix it later, for now, I would like to get snort running. Immediately follows: ERROR: /opt/snort/rules/exploit.rules(7) => Unknown keyword "flow" in rule! So, i check out this rule file and notice they all have "flow" in them. I now decide something is completely wrong :) This is "current", as I had the same problems with the rules with 1.8.6. Appreciate any insight. ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort rules touble. Jason Gauthier (Jun 21)
- Re: Snort rules touble. Ryan Russell (Jun 21)
- Re: Snort rules touble. Matt Kettler (Jun 21)
- <Possible follow-ups>
- RE: Snort rules touble. Slighter, Tim (Jun 21)
- RE: Snort rules touble. Jason Gauthier (Jun 21)
- RE: Snort rules touble. Erek Adams (Jun 21)
- RE: Snort rules touble. Jason Gauthier (Jun 21)
- RE: Snort rules touble. Matt Kettler (Jun 21)
- RE: Snort rules touble. Slighter, Tim (Jun 21)
- RE: Snort rules touble. Slighter, Tim (Jun 21)
- RE: Snort rules touble. Erek Adams (Jun 21)
- RE: Snort rules touble. Andreas Östling (Jun 21)
- RE: Snort rules touble. Erek Adams (Jun 21)
- RE: Snort rules touble. Erek Adams (Jun 21)
- RE: Snort rules touble. Slighter, Tim (Jun 21)