Re: signature and classifications

[lee leahu <lee () ricis com>]

Erek Adams <erek () snort org> scribbled:
> > Is there a way to put my custom entries in one file and let oinkmaster
> > updated the other files so that I can also be up-to-date on the
> > classifications and sig-msg ?
>
>       include $RULEPATH/my.classification
>       include $RULEPATH/my.sig-msg

using this configuration i am getting some errors



--snip-- (snort.conf)
include my.classification
include my.sid-msg
--snip--


--snip-- (my.sid-msg)
1000001 || Sobig.F worm - actively reset
1000002 || ALERT!!! NACHI Infection!!
--snip--


my messages log show the following error:

snort: FATAL ERROR: /etc/snort/my.sid-msg(1) => Unknown rule type: 1000001 


-- 
Lee Leahu                           RICIS, Inc.
Internet Technology Specialist      866-RICIS-77 Toll Free Voice (US)
lee () ricis com                       708-444-2690 Voice (International)
http://www.ricis.com/               866-99-RICIS Toll Free Fax (US)
                                    708-444-2697 Fax (International)

RICIS, Inc. is a member of the Public Safety Alliance Group

This email and any attachments that are included in it have been scanned
for malicious or inappropriate content and are believed to be safe.


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users