Snort mailing list archives
Re: signature and classifications
From: Erek Adams <erek () snort org>
Date: Sat, 23 Aug 2003 21:43:27 -0400 (EDT)
On Fri, 22 Aug 2003, lee leahu wrote:
using this configuration i am getting some errors --snip-- (snort.conf) include my.classification include my.sid-msg --snip-- --snip-- (my.sid-msg) 1000001 || Sobig.F worm - actively reset 1000002 || ALERT!!! NACHI Infection!! --snip-- my messages log show the following error: snort: FATAL ERROR: /etc/snort/my.sid-msg(1) => Unknown rule type: 1000001
*ugh* That'll teach me to get more sleep before replying. :) You can include your classifications, just not your sid-msg file. For sid-msg.map, just use the contrib/regen-sidmap script to regen sid-msg.map each time. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- signature and classifications lee leahu (Aug 22)
- Re: signature and classifications Erek Adams (Aug 22)
- Re: signature and classifications lee leahu (Aug 22)
- Re: signature and classifications Erek Adams (Aug 23)
- Re: signature and classifications lee leahu (Aug 22)
- Re: signature and classifications Andreas Östling (Aug 23)
- Re: signature and classifications Erek Adams (Aug 22)