Re: ERROR LOG

[JPP <jpp () frws com>]

Hi Carlos

Find the snort.conf file.
In the snort.conf file - remark out the line that contains 
experimental.rules  (use a #)

And then restart snort and see if it runs now.
Probably will.

Then go into that experimental.rules file  (mine is empty so I cannot
help here), find line 16 (the (16) in the error message) and correct the
rule that is currently causing Snort to not run.

This should get you started with Snort - fixing that rule is a lesson
you will have to struggle through.  *smiles*

Regards!

Jerome
ePaxSys NetSolutions
http://www.epaxsys.net

Carlos Augusto Silva wrote:
> Hello,
> I recept error message:
>
> Apr 18 14:45:43 snort snort: Initializing daemon mode
> Apr 18 14:45:43 snort snort: PID stat checked out ok, PID set to /var/run/
> Apr 18 14:45:43 snort snort: Writing PID file to "/var/run/"
> Apr 18 14:45:50 snort snort: FATAL ERROR:  ERROR:
> /usr/local/snort/rules/experimental.rules(16) => Unknown keyword flow" in
> rule!
> Apr 18 14:45:51 snort kernel: device eth0 left promiscuous mode
>
> How a starting my snort using rules configuration files ?
> I using snort 1.8.6 and RedHat Linux 7.0
>
> Tanks for all
>
> Carlos
> Brazil
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users