Snort mailing list archives
Re: error with rulesets
From: Martin Roesch <roesch () sourcefire com>
Date: Sun, 06 May 2001 23:24:40 -0400
Make sure the variables at the top of snort.conf are set... -Marty Chris wrote:
snort -V shows : -*> Snort! <*- Version 1.7 By Martin Roesch (roesch () clark net, www.snort.org) but... snort -v -c conf.file shows : Initializing Network Interface eth0 Kernel filter, protocol ALL, TURBO mode (63 frames), raw packet socket Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... database: compiled support for ( mysql ) database: configured to use mysql database: database name = snort database: user = SOMEone database: host = localhost database: detail level = full database: sensor name = 192.X.G.H database: sensor id = DD database: using the "log" facility [!] ERROR /etc/snort/exploit.rules(20) => Bad port number: "(msg:"EXPLOIT" the exploit.rules file (AS ALL the .rules) are from : http://www.snort.org/Files/Current/snortrules.tar.gz for Snort1.7 checked the rules file, cant pick up whats wrong with it please reply !!!! _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- error with rulesets Chris (May 05)
- Re: error with rulesets Martin Roesch (May 06)