Snort mailing list archives
Re: ERROR: ERROR /snortcenter/rules/snort.eth0.conf (88): Bad arguments to byte_test:
From: Brian Toovey <admin () zionsecure com>
Date: Sat, 20 Dec 2003 21:16:50 -0500
Paul, The answer was snortcenter doesn't know how to handle "byte_test." The answer wasn't right in my face or I wouldn't have asked. I have read that manual, thanks for the reference though. Thanks to Eric Johnson for his link to the sans manual. page 34 explains the error - his code doesn't know how to handle byte test. http://www.sans.org/rr/papers/index.php?id=1249 On Sat, 2003-12-20 at 13:40, Paul Schmehl wrote:
--On Friday, December 19, 2003 20:46:32 -0500 Brian Toovey <admin () zionsecure com> wrote:I have seen this posted, but does anybody know the solution yet?The solution is staring you in the face. [snipped all the irrelevant lines]ERROR: ERROR /snortcenter/rules/snort.eth0.conf (88): Bad arguments to byte_test:You have a rule that uses "byte_test" and has bad arguments supplied to it. Grep for "byte_test" in your rules files and compare the results to the proper argumentation for byte_test. (I would start with any custom rules that you've written, since it's unlikely that the rules supplied with snort with have this problem and go unnoticed by the community.) You can find the section explaining byte_test in section 2.5.11 in the snort manual, which is available on the website as well as supplied with the tarball. (Look in /doc/SnortUsersManual.pdf). If you installed from an rpm or ports collection, download the tarball and untar it somewhere. You should have the manual available for ready reference anyway. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Brian Toovey Zion Network Security Manager Product Development 3223 NE 40th St Ft Lauderdale, FL 33308 admin () zionsecure com http://www.zionsecure.com Public PGP Key Server: http://pgpkeys.mit.edu:11371/ Public PGP Key Verify: http://www.zionsecure.com/briantooveygpgpubkey.htm What is all this PGP stuff? Pretty Good Protection... http://www.pgp.com/ http://www.gnupg.org -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.3 (GNU/Linux) mQGiBD/FnwYRBADvgBDsilNzCZQQLApZlee7jZTwICA5gSsyMHW/j5x2EwD2nReU +XjfJc8Un11/Jf4kUiIOlT5EICYWAlgOcaitTHjTiaTsLHu6Yq/GPFkJH9Kcg/Pr RqQg/wkDH1Xua7QXzTmVcdo+Ndkx+3TFotnnutj2m9M+qr2DKcnbE8vaAwCgpve8 o/Bdx9QvmP4KoytO5ASmeGMEAL2YXOv1Qlnb7x+YzYkSOvFWcOdGDe0OKT9e01ap +nlyZR10GkSZ/fB+3R1I7A3IWq/6cZ9vNgedYUjC9WrZKnVc1EdTUxkMn//5cZMq VG8RcIEhxYrCYOS+B4sHny1FHjgabnZg8G3OP4NdJlQoxt7dIbKiEGpJOMkLfZos QFOiBADMy33fh+39L1KeYU3lmpDV87XnwF02CfGqdCgK3EE23flIp+a0WczqsvQm HCPIrzdtLvhY0tGZZIlvEexk97DXSQB245cxrngKmSodKTXUZcHLPvuHu8V0aczf Vo95mEe5pqv13LxWO2+WkB0Vo61PT7mmJ1tQ8MWboDN07NR/ibQ7QnJpYW4gVG9v dmV5IChaaW9uIE5ldHdvcmsgU2VjdXJpdHkpIDxhZG1pbkB6aW9uc2VjdXJlLmNv bT6IYQQTEQIAIQUCP8WfBgUJAE8aAAYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRAX DjIThjF9nlnmAJ0ft5JlgNvH6Y+rA2RUkKPgGcZV/wCfd+UE6h5il6jQfZ1Qw33O hE/6bgC5BA0EP8WfcxAQAOzflpkCbTlbLago/CtNyVq66pKxxMAYjqwgHkax+Pjc dRc1vZP6WIZnHRoVEDQjs1MJtkz4HKQeZHcC/gd2cFjK5N2mfJB2h3g7B7BdQHyP U0qXCL45yPG7ShM23gjf+hZsr/lqufa6WMPzXFg26fnSjqX2RAjx/O0C1j99EuQK RJ90alQtjSy1kZy48nVzhI4ZJKUnKMP7LOIC8QcVY/S49GNQEUpRF6rf2TI2taMu 3f8e0PH1yFeaPBIywJiTQArEO94ommTat5ni1mKSDAnd0wMTMavJ6Urwz0dFzxor KKV4UvLCGBOf0SBMeAcrOy0b/KC28AeAu5k4b3bE5GRk9tSUtt6noqeYGlMn1Ggp SZ7t2ySmi94z9RSneN1U9gh+iL/TJCikKue+kEEk/Nqg8Lu8QNLRUNAWbMqJ/J5s I7MCdC9mFsxEsGgv6LFedE//dOpdHNWd7KSlv/ykX3ZWfv42rJgQDlS1FwVnby0d VJX1afKo2vhffgZs6yEuLtmjQ8DOV1i395YfWkeXNU3xuWwnLtlA06/jDxkoXEVZ HjpwVIOkRRx7IRJ1OrnfPucW37PgmXvgybcspa7E3KfTeq1bv88ysQa79xpn39jR cIPf2XhKVWaQu6F/h/aaWHuWO2exOe2XNEXpgmQdOs9wfnch0HVvf5MjjL2muJ3z AAMFD/9Ug2D/reNxUF8Kb+wSNNoMRmXNHfe4T72Wcqtvn0QTNoLO6qnf7MwnZq/7 6AOU84uKuVxVeXZ9AOPXrQf0oZATQ6bPTsHDP/PaPpMwPZUAIt37L81c2gYFjSTy oaM5gIp2LsOZGmLOaKki0qLA0Mrs/t2r2meG+U+nDCOj5P4GxMLlRZM9+83aYMRj QSbOvtnkSSNzm4YqcRPuu5CP5iwhsCYdgvckwmLbxdn+e+AQtPcyqYFSizXcUIi2 UP4moL8vHu1PSqPqyTR6gb5onz2wPYeEJLDQLN68cnZKxAIWfhNMNcTyeSKpPoFD EnkNC9T4LNYnoIzlRnDZ1WyaXWYa0oNkw5Ye/x7FwR6xOxvbzRhvRsQPq80b7kVO tcbGGfyWyuT5Kim3spnKOHMoD3sF9z8V9wHW78njLaqc7ozEl19/+HPhE2T77Vsx EGwf4e5L04uynax7bwHemxC3lIeu104A44xpVe1cuZx52/BkArzm4RI63OWu2Pl7 JKFXMZhhSmH+urHTYS0qN0Ncp9bR60l3I6zJNR+Qh39zCCpo5Tn+H4UyFJ7bh5m2 5ba+78hbuwQi+6fJQa4Ih+LfLBb56CbaQMPL4NuEHbkUYNmKZvjSbpOGtBGdYtLV /z58NRflI1LTE6RYxUZ3hOS2/z5az5Hdlp6bmuHd9v2OK5o7vohMBBgRAgAMBQI/ xZ9zBQkATxoAAAoJEBcOMhOGMX2eiyMAnA9rhUG0VZklPRazDJES0QKcmTMyAKCl CQCr7zCdYfa4W7RhvOOrMH1l7w== =cwgL -----END PGP PUBLIC KEY BLOCK-----
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- ERROR: ERROR /snortcenter/rules/snort.eth0.conf (88): Bad arguments to byte_test: Brian Toovey (Dec 19)
- Re: ERROR: ERROR /snortcenter/rules/snort.eth0.conf (88): Bad arguments to byte_test: Paul Schmehl (Dec 20)
- Re: ERROR: ERROR /snortcenter/rules/snort.eth0.conf (88): Bad arguments to byte_test: Brian Toovey (Dec 20)
- Re: ERROR: ERROR /snortcenter/rules/snort.eth0.conf (88): Bad arguments to byte_test: Paul Schmehl (Dec 20)