Snort mailing list archives

Re: Updating Snort

From: "Joel Esler \(jesler\) via Snort-users" <snort-users () lists snort org>
Date: Mon, 22 Apr 2019 17:29:25 +0000

Yes, it's because you're using a very old version of Snort. The bitmask keyword has been supported by every version of
Snort since 2005. I suggest you upgrade. We'd be glad to help you upgrade. I'd start with the installation
documentation on snort.org/documents<http://snort.org/documents> and go from there. If you have questions, this is the
right place to ask them

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

On Apr 22, 2019, at 11:57 AM, Nathan Hicks <NHicks () telpay ca<mailto:NHicks () telpay ca>> wrote:

Hi,

We’re using Snort as an IDS. So Snort, PulledPork, Barnyard2 and Snorby for the web interface. I’m having an issue
where the snorby page isn’t updating with detected events.
Everything else appears to be running properly, but when I try to start Snort, I get:

“ERROR: /etc/snort/rules/snort.rules(9243): unknown modifier "bitmask 0x8000"
Fatal Error, Quitting..”

I believe this is because we’re using a very old version of Snort. I’d like to update all the components, but there
doesn’t appear to be any documentation that explains how to do that.

I’m a complete beginner at this stuff. Previous admin set it up and I’m just trying to figure it out – so any help is
greatly appreciated.

Thanks,
Nathan

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

To unsubscribe, send an email to:
snort-users-leave () lists snort org<mailto:snort-users-leave () lists snort org>

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Updating Snort Nathan Hicks (Apr 22)
- Re: Updating Snort Mark W. Jeanmougin via Snort-users (Apr 22)
- Re: Updating Snort Joel Esler (jesler) via Snort-users (Apr 22)