Snort mailing list archives
Re: Updating Snort
From: "Joel Esler \(jesler\) via Snort-users" <snort-users () lists snort org>
Date: Mon, 22 Apr 2019 17:29:25 +0000
Yes, it's because you're using a very old version of Snort. The bitmask keyword has been supported by every version of Snort since 2005. I suggest you upgrade. We'd be glad to help you upgrade. I'd start with the installation documentation on snort.org/documents<http://snort.org/documents> and go from there. If you have questions, this is the right place to ask them -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com On Apr 22, 2019, at 11:57 AM, Nathan Hicks <NHicks () telpay ca<mailto:NHicks () telpay ca>> wrote: Hi, We’re using Snort as an IDS. So Snort, PulledPork, Barnyard2 and Snorby for the web interface. I’m having an issue where the snorby page isn’t updating with detected events. Everything else appears to be running properly, but when I try to start Snort, I get: “ERROR: /etc/snort/rules/snort.rules(9243): unknown modifier "bitmask 0x8000" Fatal Error, Quitting..” I believe this is because we’re using a very old version of Snort. I’d like to update all the components, but there doesn’t appear to be any documentation that explains how to do that. I’m a complete beginner at this stuff. Previous admin set it up and I’m just trying to figure it out – so any help is greatly appreciated. Thanks, Nathan _______________________________________________ Snort-users mailing list Snort-users () lists snort org<mailto:Snort-users () lists snort org> Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org<mailto:snort-users-leave () lists snort org> Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Updating Snort Nathan Hicks (Apr 22)
- Re: Updating Snort Mark W. Jeanmougin via Snort-users (Apr 22)
- Re: Updating Snort Joel Esler (jesler) via Snort-users (Apr 22)