Snort mailing list archives

Re: FATAL ERROR: /usr/local/etc/snort.conf(45) Unknown rule type: ipvar.


From: alexus <alexus () gmail com>
Date: Tue, 16 Aug 2011 18:41:45 -0400

su-3.2# file /usr/local/bin/snort
/usr/local/bin/snort: ELF 64-bit LSB executable, x86-64, version 1
(FreeBSD), for FreeBSD 7.4, dynamically linked (uses shared libs),
FreeBSD-style, not stripped
su-3.2# uname -a
FreeBSD dd.alexus.org 7.4-RELEASE FreeBSD 7.4-RELEASE #0: Sun Mar 20
17:48:16 UTC 2011
alexus () dd alexus org:/usr/obj/usr/src/sys/GENERIC  amd64
su-3.2#

once again, snort itself works; it's the rules that make it crash right
away. if i don't use that snort.conf, snort runs by itself no problem

On Tue, Aug 16, 2011 at 5:41 PM, Joel Esler <jesler () sourcefire com> wrote:
Are you using 32 bit SO rules on a 64 bit platform?  Or Vice versa?

Joel

On Aug 16, 2011, at 5:02 PM, alexus wrote:

file came from snortrules that I pulled yesterday, plus I've made
small modifications for HOMENET and some ports that apply to my
system

my system is:

FreeBSD dd.alexus.org 7.4-RELEASE FreeBSD 7.4-RELEASE #0: Sun Mar 20
17:48:16 UTC 2011
alexus () dd alexus org:/usr/obj/usr/src/sys/GENERIC  amd64

snort.conf is attached


On Tue, Aug 16, 2011 at 4:59 PM, Joel Esler <jesler () sourcefire com> wrote:
Can you provide your snort.conf file and OS version for us?

Joel

On Aug 16, 2011, at 4:50 PM, alexus wrote:

so should I be using another set of rules? to get this thing going?

On Tue, Aug 16, 2011 at 11:50 AM, alexus <alexus () gmail com> wrote:
if that's helpful

su-3.2# snort -c /usr/local/etc/snort.conf
Running in IDS mode

       --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/usr/local/etc/snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80:81 311 591 593 901 1220 1414 1830
2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088
8118 8123 8180:8181 8243 8280 8888 9090:9091 9443 9999 11371 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
PortVar 'SSH_PORTS' defined :  [ 22 ]
PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
Detection:
  Search-Method = AC-Full-Q
   Split Any/Any group = enabled
   Search-Method-Optimizations = enabled
   Maximum pattern length = 20
Tagged Packet Limit: 256
Loading dynamic engine
/usr/local/lib/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
 Loading dynamic detection library
/usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so...
done
 Finished Loading all dynamic detection libs from
/usr/local/lib/snort_dynamicrules
Loading all dynamic preprocessor libs from
/usr/local/lib/snort_dynamicpreprocessor/...
 Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
done
 Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
done
 Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
 Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so...
done
 Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
 Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
 Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so...
done
 Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
done
 Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
 Finished Loading all dynamic preprocessor libs from
/usr/local/lib/snort_dynamicpreprocessor/
Log directory = /var/log/snort
WARNING: ip4 normalizations disabled because not inlineWARNING: tcp
normalizations disabled because not inlineWARNING: icmp4
normalizations disabled because not inlineWARNING: ip6 normalizations
disabled because not inlineWARNING: icmp6 normalizations disabled
because not inlineFrag3 global config:
   Max frags: 65536
   Fragment memory cap: 4194304 bytes
Frag3 engine config:
   Target-based policy: WINDOWS
   Fragment timeout: 180 seconds
   Fragment min_ttl:   1
   Fragment Problems: 1
   Overlap Limit:     10
   Min fragment Length:     100
Stream5 global config:
   Track TCP sessions: ACTIVE
   Max TCP sessions: 8192
   Memcap (for reassembly packet storage): 8388608
   Track UDP sessions: INACTIVE
   Track ICMP sessions: INACTIVE
   Log info if session memory consumption exceeds 1048576
   Send up to 0 active responses
Stream5 TCP Policy config:
   Reassembly Policy: WINDOWS
   Timeout: 180 seconds
   Limit on TCP Overlaps: 10
   Maximum number of bytes to queue per session: 1048576
   Maximum number of segs to queue per session: 2621
   Options:
       Require 3-Way Handshake: YES
       3-Way Handshake Timeout: 180
       Detect Anomalies: YES
   Reassembly Ports:
     21 client (Footprint)
     22 client (Footprint)
     23 client (Footprint)
     25 client (Footprint)
     42 client (Footprint)
     53 client (Footprint)
     79 client (Footprint)
     80 client (Footprint) server (Footprint)
     81 client (Footprint) server (Footprint)
     109 client (Footprint)
     110 client (Footprint)
     111 client (Footprint)
     113 client (Footprint)
     119 client (Footprint)
     135 client (Footprint)
     136 client (Footprint)
     137 client (Footprint)
     139 client (Footprint)
     143 client (Footprint)
     161 client (Footprint)
Stream5 UDP Policy config:
   Timeout: 180 seconds
HttpInspect Config:
   GLOBAL CONFIG
     Max Pipeline Requests:    0
     Inspection Type:          STATELESS
     Detect Proxy Usage:       NO
     IIS Unicode Map Filename: /usr/local/etc/unicode.map
     IIS Unicode Map Codepage: 1252
     Max Gzip Memory: 838860
     Max Gzip Sessions: 6
     Gzip Compress Depth: 65535
     Gzip Decompress Depth: 65535
   DEFAULT SERVER CONFIG:
     Server profile: All
     Ports: 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128
3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181
8243 8280 8888 9090 9091 9443 9999 11371
     Server Flow Depth: 0
     Client Flow Depth: 0
     Max Chunk Length: 500000
     Max Header Field Length: 750
     Max Number Header Fields: 100
     Inspect Pipeline Requests: YES
     URI Discovery Strict Mode: NO
     Allow Proxy Usage: NO
     Disable Alerting: NO
     Oversize Dir Length: 500
     Only inspect URI: NO
     Normalize HTTP Headers: NO
     Inspect HTTP Cookies: YES
     Inspect HTTP Responses: YES
     Extract Gzip from responses: YES
     Unlimited decompression of gzip data from responses: YES
     Normalize HTTP Cookies: NO
     Enable XFF and True Client IP: NO
     Extended ASCII code support in URI: NO
     Ascii: YES alert: NO
     Double Decoding: YES alert: NO
     %U Encoding: YES alert: YES
     Bare Byte: YES alert: NO
     Base36: OFF
     UTF 8: YES alert: NO
     IIS Unicode: YES alert: NO
     Multiple Slash: YES alert: NO
     IIS Backslash: YES alert: NO
     Directory Traversal: YES alert: NO
     Web Root Traversal: YES alert: NO
     Apache WhiteSpace: YES alert: NO
     IIS Delimiter: YES alert: NO
     IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
     Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
     Whitespace Characters: 0x09 0x0b 0x0c 0x0d
rpc_decode arguments:
   Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775
32776 32777 32778 32779
   alert_fragments: INACTIVE
   alert_large_fragments: INACTIVE
   alert_incomplete: INACTIVE
   alert_multiple_requests: INACTIVE
Segmentation fault: 11 (core dumped)
su-3.2#


On Tue, Aug 16, 2011 at 11:46 AM, alexus <alexus () gmail com> wrote:
sorry pressed send before completing email...

so i recompiled it with --enable-debug how do you want me to re-run it?

I think some rules are screwing it up, because when I run it as snort -Ds
it runs by itself...

On Tue, Aug 16, 2011 at 11:41 AM, alexus <alexus () gmail com> wrote:
yes it happened right on the start up...

this is me doing uninstall...

su-3.2# make uninstall
Making uninstall in src
Making uninstall in sfutil
Making uninstall in win32
Making uninstall in output-plugins
Making uninstall in detection-plugins
Making uninstall in dynamic-plugins
Making uninstall in sf_engine
Making uninstall in examples
 /bin/sh ../../../libtool   --mode=uninstall rm -f
'/usr/local/lib/snort_dynamicengine/libsf_engine.la'
libtool: uninstall: rm -f
/usr/local/lib/snort_dynamicengine/libsf_engine.la
/usr/local/lib/snort_dynamicengine/libsf_engine.so.0
/usr/local/lib/snort_dynamicengine/libsf_engine.so
/usr/local/lib/snort_dynamicengine/libsf_engine.so
Making uninstall in sf_preproc_example
Making uninstall in preprocessors
Making uninstall in HttpInspect
Making uninstall in include
Making uninstall in utils
Making uninstall in user_interface
Making uninstall in session_inspection
Making uninstall in mode_inspection
Making uninstall in anomaly_detection
Making uninstall in event_output
Making uninstall in server
Making uninstall in client
Making uninstall in normalization
Making uninstall in Stream5
Making uninstall in parser
Making uninstall in dynamic-preprocessors
Making uninstall in libs
Making uninstall in ftptelnet
 /bin/sh ../../../libtool   --mode=uninstall rm -f
'/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la'
libtool: uninstall: rm -f
/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la
/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0
/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
Making uninstall in smtp
 /bin/sh ../../../libtool   --mode=uninstall rm -f
'/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la'
libtool: uninstall: rm -f
/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la
/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0
/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
Making uninstall in ssh
 /bin/sh ../../../libtool   --mode=uninstall rm -f
'/usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la'
libtool: uninstall: rm -f
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
Making uninstall in dns
 /bin/sh ../../../libtool   --mode=uninstall rm -f
'/usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.la'
libtool: uninstall: rm -f
/usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.la
/usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0
/usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so
Making uninstall in ssl
 /bin/sh ../../../libtool   --mode=uninstall rm -f
'/usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la'
libtool: uninstall: rm -f
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so
Making uninstall in dcerpc2
 /bin/sh ../../../libtool   --mode=uninstall rm -f
'/usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.la'
libtool: uninstall: rm -f
/usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.la
/usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0
/usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so
Making uninstall in sdf
 /bin/sh ../../../libtool   --mode=uninstall rm -f
'/usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.la'
libtool: uninstall: rm -f
/usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.la
/usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so.0
/usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so
-f: not found
*** Error code 127

Stop in /usr/local/src/snort-2.9.0.5/src/dynamic-preprocessors.
*** Error code 1

Stop in /usr/local/src/snort-2.9.0.5/src/dynamic-preprocessors.
*** Error code 1

Stop in /usr/local/src/snort-2.9.0.5/src.
*** Error code 1

Stop in /usr/local/src/snort-2.9.0.5.
su-3.2#

and after re-making it, I'm getting same Segmentation fault: 11 (core dumped)

On Tue, Aug 16, 2011 at 11:23 AM, Russ Combs <rcombs () sourcefire com> wrote:
Is that happening on start up?  Might try make uninstall and then make
install.  If it still happens, then make clean, ./configure with prior
options plus --enable-debug and rerun in the debugger and send a backtrace.

You can check here for more information on that:

http://www.snort.org/snort-downloads/submit-a-bug

and as that says, in the doc/BUGS file in the source tree.

On Tue, Aug 16, 2011 at 11:07 AM, alexus <alexus () gmail com> wrote:

I took from the beginning of snort.conf

--enable-ipv6 --enable-gre --enable-mpls --enable-targetbased
--enable-decoder-preprocessor-rules --enable-ppm
--enable-perfprofiling --enable-zlib --enable-active-response
--enable-normalizer --enable-reload --enable-react --enable-flexresp3

and I recompiled my snort with all these options, which includes zlib

On Tue, Aug 16, 2011 at 10:48 AM, JJC <cummingsj () gmail com> wrote:
you need to build snort with --enable-zlib for that one

On Tue, Aug 16, 2011 at 8:36 AM, alexus <alexus () gmail com> wrote:

also if I take a snort.conf that came with distro (2.9.0.5)

snort stops on following

Aug 16 14:29:00 dd snort[53724]: FATAL ERROR:
/usr/local/etc/snort.conf(212) => Invalid keyword 'compress_depth' for
'global' configuration.

when I tried with snort.conf that came with rules I've got same message

Aug 16 14:35:32 dd snort[55489]: FATAL ERROR:
/usr/local/etc/snort.conf(265) => Invalid keyword 'compress_depth' for
'global' configuration.



On Tue, Aug 16, 2011 at 1:06 AM, alexus <alexus () gmail com> wrote:
I have following in my snort.conf (top section)

#     OPTIONS : --enable-ipv6 --enable-gre --enable-mpls
--enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm
--enable-perfprofiling --enable-zlib --enable-active-response
--enable-normalizer --enable-reload --enable-react --enable-flexresp3

I went ahead and recompiled it with all that, yet I still get the same
results

On Mon, Aug 15, 2011 at 10:22 PM, Joel Esler <jesler () sourcefire com> wrote:
Look at the top of the snort.conf file. You should see our recommended
compile options.

Sent from my iPhone
On Aug 15, 2011, at 21:32, alexus <alexus () gmail com> wrote:

Anything specific ?

On Aug 15, 2011 8:59 PM, "Joel Esler" <jesler () sourcefire com> wrote:
Sounds like you may need to take a look at our recommended compile options
at the top of the snort.conf in the etc/ directory.

Check that out.

Sent from my iPhone

On Aug 15, 2011, at 20:20, alexus <alexus () gmail com> wrote:

ok, done
i don't have ipv6 enabled on my system so you were right, as soon as i
changed ipvar to var it went through that
but it complains on something else...

Aug 16 00:16:41 dd snort[22515]: Running in IDS mode
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: --== Initializing Snort ==--
Aug 16 00:16:41 dd snort[22515]: Initializing Output Plugins!
Aug 16 00:16:41 dd snort[22515]: Initializing Preprocessors!
Aug 16 00:16:41 dd snort[22515]: Initializing Plug-ins!
Aug 16 00:16:41 dd snort[22515]: Parsing Rules file "/usr/local/etc/snort.conf"
Aug 16 00:16:41 dd snort[22515]: PortVar 'HTTP_PORTS' defined :
Aug 16 00:16:41 dd snort[22515]: [ 80:81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180:8181 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: PortVar 'SHELLCODE_PORTS' defined :
Aug 16 00:16:41 dd snort[22515]: [ 0:79 81:65535 ]
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: PortVar 'ORACLE_PORTS' defined :
Aug 16 00:16:41 dd snort[22515]: [ 1024:65535 ]
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: PortVar 'SSH_PORTS' defined :
Aug 16 00:16:41 dd snort[22515]: [ 22 ]
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: PortVar 'FTP_PORTS' defined :
Aug 16 00:16:41 dd snort[22515]: [ 21 2100 3535 ]
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: Detection:
Aug 16 00:16:41 dd snort[22515]: Search-Method = AC-Full-Q
Aug 16 00:16:41 dd snort[22515]: Split Any/Any group = enabled
Aug 16 00:16:41 dd snort[22515]: Search-Method-Optimizations = enabled
Aug 16 00:16:41 dd snort[22515]: Maximum pattern length = 20
Aug 16 00:16:41 dd snort[22515]: Tagged Packet Limit: 256
Aug 16 00:16:41 dd snort[22515]: Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
Aug 16 00:16:41 dd snort[22515]: Loading dynamic detection library /usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Finished Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules
Aug 16 00:16:41 dd snort[22515]: Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/...
Aug 16 00:16:41 dd snort[22515]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/
Aug 16 00:16:41 dd snort[22515]: Log directory = /var/log/snort
Aug 16 00:16:41 dd snort[22515]: Frag3 global config:
Aug 16 00:16:41 dd snort[22515]: Max frags: 65536
Aug 16 00:16:41 dd snort[22515]: Fragment memory cap: 4194304 bytes
Aug 16 00:16:41 dd snort[22515]: Frag3 engine config:
Aug 16 00:16:41 dd snort[22515]: Target-based policy: WINDOWS
Aug 16 00:16:41 dd snort[22515]: Fragment timeout: 180 seconds
Aug 16 00:16:41 dd snort[22515]: Fragment min_ttl: 1
Aug 16 00:16:41 dd snort[22515]: Fragment Problems: 1
Aug 16 00:16:41 dd snort[22515]: Overlap Limit: 10
Aug 16 00:16:41 dd snort[22515]: Min fragment Length: 100
Aug 16 00:16:41 dd snort[22515]: FATAL ERROR: /usr/local/etc/snort.conf(246) => Unknown Stream5 global option (max_active_responses 2)


# Target-Based stateful inspection/stream reassembly. For more inforation, see README.stream5
preprocessor stream5_global: track_tcp yes, \
track_udp yes, \
track_icmp no, \
max_tcp 262144, \
max_udp 131072, \
max_active_responses 2, \
min_response_seconds 5

for whatever reason(s) now it doesn't like this line:

min_response_seconds 5

or according to syslog line

max_active_responses 2, \



On Mon, Aug 15, 2011 at 5:40 PM, waldo kitty <wkitty42 () windstream net> wrote:
On 8/15/2011 17:15, alexus wrote:
line 45 of /usr/local/etc/snort.conf states:

ipvar HOME_NET [64.237.55.65/27]

I don't understand why it's complaining ...

IIRC, ipvar is for IPv6 stuff... if you do not have IPv6 enabled in your snort
compile, it won't work... use var instead of ipvar...





------------------------------------------------------------------------------
uberSVN's rich system and user administration capabilities and
model
configuration take the hassle out of deploying and managing
Subversion
and
the tools developers use with it. Learn more about uberSVN and
get a
free
download at: http://p.sf.net/sfu/wandisco-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation




--
http://alexus.org/




<snort.conf>





-- 
http://alexus.org/
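
The errors in this thread all come from a snort.conf using keywords that the installed binary was not compiled to parse. The script below is an added example, not part of any message in the thread: it reads the `# OPTIONS :` header of a snort.conf, lists recommended `./configure` flags a build lacks, and points at the active config lines that depend on them. The function names and the sample config are constructed for illustration, and the pairing of the two Stream5 options with `--enable-active-response` is an assumption (the thread only states the `ipvar` and `compress_depth` pairings).

```shell
#!/bin/sh
# Added example (not from the thread): check a snort.conf against the
# ./configure flags of a Snort 2.9.x source build.

# Flags recommended in the conf header ("# OPTIONS : --enable-..."), one per
# line. The header may be wrapped over several lines, as it is in the thread.
recommended_opts() {
    awk '
        /^#[ \t]*OPTIONS[ \t]*:/ { grab = 1 }
        grab {
            n = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^--enable-/) { print $i; n++ }
            if (n == 0 && $0 !~ /OPTIONS/) exit
        }
    ' "$1"
}

# Recommended flags that are absent from the build's flag list ($2).
missing_opts() {
    built=" $2 "
    recommended_opts "$1" | while read -r opt; do
        case "$built" in
            *" $opt "*) ;;
            *) echo "$opt" ;;
        esac
    done
}

# Active (uncommented) keywords the build cannot parse, as line:keyword:flag.
# The ipvar and compress_depth pairings come from the thread; tying the two
# Stream5 options to --enable-active-response is an assumption.
gated_keywords() {
    awk -v built=" $2 " '
        BEGIN {
            need["ipvar"] = "--enable-ipv6"
            need["compress_depth"] = "--enable-zlib"
            need["max_active_responses"] = "--enable-active-response"
            need["min_response_seconds"] = "--enable-active-response"
        }
        /^[ \t]*#/ { next }
        {
            for (k in need)
                if (!index(built, " " need[k] " ") &&
                    match($0, "(^|[^a-z_])" k "([^a-z_]|$)"))
                    printf "%d:%s:%s\n", NR, k, need[k]
        }
    ' "$1"
}

# Constructed sample in the style of the excerpts quoted in the thread (not
# the poster's attached file); the header is wrapped the way the mail was.
make_sample_conf() {
    cat > "$1" <<'EOF'
#     OPTIONS : --enable-ipv6 --enable-gre --enable-zlib
--enable-active-response --enable-normalizer
#
ipvar HOME_NET [192.0.2.0/27]
# ipvar EXTERNAL_NET any
preprocessor stream5_global: track_tcp yes, \
   max_active_responses 2, \
   min_response_seconds 5
preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
EOF
}

# Demo on the constructed sample; the build is assumed to have only two flags.
conf="${TMPDIR:-/tmp}/snort.conf.sample.$$"
make_sample_conf "$conf"
echo "missing flags:";  missing_opts "$conf" "--enable-gre --enable-zlib"
echo "gated keywords:"; gated_keywords "$conf" "--enable-gre --enable-zlib"
rm -f "$conf"
```

For a real build, the second argument can be taken from the `./configure` command line recorded near the top of `config.log` in the source tree.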
