Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Unknown keyword "flow" in rule!

From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Sat, 30 Mar 2002 18:10:27 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hehe... I fell for that the other day myself. I believe you have to
download the snortrules-stable.tar.gz or something like that. At
least, not current.

If you update the rules from CVS (like I do), you need to specify the
- -r SNORT_1_8 tag.

The flow keyword seems to be something new in the 1.9 (?) version the
guys are currently working on. Maybe someone else can elaborate as to
what it does (yeah, I know it's for flow control, but will it replace
- -> or is it layer 7 specific?)

Regards,
Frank


PS: I'm running 1.8.4 (build 101)


-----Original Message-----
From: Steve Ochani [mailto:jpegny () optonline net]
Sent: Saturday, March 30, 2002 5:10 PM

Hello all,

I'm running snort 1.8.3 (prebuilt package) on SunOS 5.8 on a ultra
10.  

I wanted to start to use 1.8.4 and snortrules-current.tar.gz.

I removed 1.8.3 via pkgrm, wiped out the old rules and installed 

snort-1.8.4-solaris8.pkg.gz and put 
snortrules-current.tar.gz, configured snort.conf etc and tried 
to start snort by using this command line

/opt/snort/bin/snort -o -d -D -A fast -c /opt/snort/etc/snort.conf

but I received the following error (in the /var/adm/messages) 

ERROR: ./exploit.rules(7) => Unknown keyword "flow" in rule!

I have also tried

snort-current-sol8.pkg.gz

(which is 1.8.3) and no go


What am I doing wrong? Whould I build 1.8.4 from source (why 
would that be diff then the 
prebuilt package?)



-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBPKZT8szYtOFvgXQfEQKr/wCfVzslEVMe7rEaZSFOiYY68Q6RF+QAn1iN
rRZNoz0z100i10/esZonxT+B
=Dyhp
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: