Snort mailing list archives

Re: signature and classifications


From: Erek Adams <erek () snort org>
Date: Sat, 23 Aug 2003 21:43:27 -0400 (EDT)

On Fri, 22 Aug 2003, lee leahu wrote:

Using this configuration I am getting some errors:

--snip-- (snort.conf)
include my.classification
include my.sid-msg
--snip--


--snip-- (my.sid-msg)
1000001 || Sobig.F worm - actively reset
1000002 || ALERT!!! NACHI Infection!!
--snip--


My messages log shows the following error:

snort: FATAL ERROR: /etc/snort/my.sid-msg(1) => Unknown rule type: 1000001

*ugh*  That'll teach me to get more sleep before replying.  :)


You can include your classifications, just not your sid-msg file.  For
sid-msg.map, just use the contrib/regen-sidmap script to regen sid-msg.map
each time.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
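
Added example, not part of the original message and not the contrib/regen-sidmap script: a minimal Python sketch of regenerating sid-msg.map entries from rule text instead of including the map from snort.conf. The sample rules are constructed; only the sid and msg values come from the post, and the function names are hypothetical.

```python
import re

# Constructed sample rules file. The sid/msg pairs are the ones from the post;
# rule headers, the reference and the other options are placeholders.
SAMPLE_RULES = r'''
alert tcp any any -> any 25 (msg:"Sobig.F worm - actively reset"; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"ALERT!!! NACHI Infection!!"; reference:url,example.invalid/nachi; sid:1000002; rev:1;)
# alert tcp any any -> any 80 (msg:"disabled rule"; sid:1000003; rev:1;)
alert tcp any any -> any 80 (msg:"no sid, skipped";)
'''

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')             # any quoted option value
MSG = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF = re.compile(r'\breference\s*:\s*([^;]+);')
ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}

def build_sid_map(rules_text):
    """Return {sid: 'sid || msg || ref ...'} for each enabled rule with sid and msg."""
    text = re.sub(r'\\\r?\n', ' ', rules_text)        # join backslash-continued rules
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):          # blank or commented-out rule
            continue
        if line.split(None, 1)[0] not in ACTIONS or "(" not in line:
            continue                                  # var/include/config lines etc.
        body = line[line.index("(") + 1:]
        msg = MSG.search(body)
        bare = QUOTED.sub('""', body)                 # hide text that only looks like options
        sid = SID.search(bare)
        if not (msg and sid):
            continue
        number = int(sid.group(1))
        if number in entries:
            raise ValueError("duplicate sid %d" % number)
        fields = [sid.group(1), re.sub(r'\\(.)', r'\1', msg.group(1))]
        fields += [ref.strip() for ref in REF.findall(bare)]
        entries[number] = " || ".join(fields)
    return entries

def render(entries):
    """Format the entries as sid-msg.map text, ordered by sid."""
    return "\n".join(entries[s] for s in sorted(entries)) + "\n"

if __name__ == "__main__":
    print(render(build_sid_map(SAMPLE_RULES)), end="")
```

Run against the local rules file after each rule change and write the output to sid-msg.map, so the map never drifts from the rules that are actually loaded.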

