Snort mailing list archives

Re: ERROR: ERROR /snortcenter/rules/snort.eth0.conf (88): Bad arguments to byte_test:


From: Brian Toovey <admin () zionsecure com>
Date: Sat, 20 Dec 2003 21:16:50 -0500

Paul,

The answer was snortcenter doesn't know how to handle "byte_test."  The
answer wasn't right in my face or I wouldn't have asked.  I have read
that manual, thanks for the reference though.  Thanks to Eric Johnson
for his link to the SANS manual.

Page 34 explains the error - his code doesn't know how to handle byte
test.

http://www.sans.org/rr/papers/index.php?id=1249

On Sat, 2003-12-20 at 13:40, Paul Schmehl wrote:
--On Friday, December 19, 2003 20:46:32 -0500 Brian Toovey 
<admin () zionsecure com> wrote:

I have seen this posted, but does anybody know the solution yet?

The solution is staring you in the face.

[snipped all the irrelevant lines]

ERROR: ERROR /snortcenter/rules/snort.eth0.conf (88): Bad arguments to
byte_test:

You have a rule that uses "byte_test" and has bad arguments supplied to it. 
Grep for "byte_test" in your rules files and compare the results to the 
proper argumentation for byte_test.  (I would start with any custom rules 
that you've written, since it's unlikely that the rules supplied with snort 
would have this problem and go unnoticed by the community.)

You can find the section explaining byte_test in section 2.5.11 in the 
snort manual, which is available on the website as well as supplied with 
the tarball.  (Look in /doc/SnortUsersManual.pdf).  If you installed from 
an rpm or ports collection, download the tarball and untar it somewhere. 
You should have the manual available for ready reference anyway.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-- 
Brian Toovey
Zion Network Security
Manager Product Development
3223 NE 40th St
Ft Lauderdale, FL 33308
admin () zionsecure com
http://www.zionsecure.com

Public PGP Key Server: http://pgpkeys.mit.edu:11371/
Public PGP Key Verify:
http://www.zionsecure.com/briantooveygpgpubkey.htm
What is all this PGP stuff?  Pretty Good Protection...
http://www.pgp.com/   http://www.gnupg.org
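
The check suggested in the quoted reply (grep the rules files for byte_test and compare each use against the documented arguments), as an added example that is not part of the thread. The argument grammar is an assumption based on the Snort 2.x manual synopsis for byte_test; the function names and the sample rules are constructed here.

```python
import re

# Assumed grammar (Snort 2.x manual synopsis; check the manual for your version):
#   byte_test: <bytes>, [!]<operator>, <value>, <offset>[, relative][, big|little][, string, hex|dec|oct]
OPERATORS = {"<", ">", "=", "!", "&", "^", "<=", ">="}
MODIFIERS = {"relative", "big", "little", "string", "hex", "dec", "oct", "dce"}
NUMBER = re.compile(r"-?(0x[0-9a-fA-F]+|\d+)$")
BYTE_TEST = re.compile(r"byte_test\s*:\s*([^;]*);")

def check_args(arg_text):
    """Return a list of problems found in one byte_test argument string."""
    args = [a.strip() for a in arg_text.split(",")]
    if len(args) < 4:
        return ["expected at least 4 arguments, got %d" % len(args)]
    problems = []
    if not args[0].isdigit():
        problems.append("bytes to convert %r is not a number" % args[0])
    # A leading "!" negates the operator; a bare "!" is itself an operator.
    op = args[1][1:] if len(args[1]) > 1 and args[1].startswith("!") else args[1]
    if op not in OPERATORS:
        problems.append("unknown operator %r" % args[1])
    for name, val in (("value", args[2]), ("offset", args[3])):
        if not NUMBER.match(val):
            problems.append("%s %r is not a number" % (name, val))
    for mod in args[4:]:
        if mod not in MODIFIERS:
            problems.append("unknown modifier %r" % mod)
    return problems

def scan_rules(text):
    """Return (line_number, argument_text, problems) for each bad byte_test."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):  # skip commented-out rules
            continue
        for m in BYTE_TEST.finditer(line):
            problems = check_args(m.group(1))
            if problems:
                findings.append((lineno, m.group(1).strip(), problems))
    return findings

# Constructed sample rules (not taken from the thread or from any rule set).
SAMPLE = """\
alert udp any any -> any 111 (msg:"constructed ok"; content:"|00 01 86 A5|"; byte_test:4,>,1000,20,relative; sid:1000001;)
alert udp any any -> any 111 (msg:"constructed bad"; byte_test:4 > 1000 20 relative; sid:1000002;)
alert tcp any any -> any 80 (msg:"constructed bad modifier"; byte_test:4,=,0x10,0,relativ; sid:1000003;)
"""
```

Running `scan_rules` over the generated configuration file rather than the source rules shows whether a management front end rewrote the option before Snort parsed it.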

