Snort mailing list archives
RE: custom sig file
From: JP Vossen <vossenjp () netaxs com>
Date: Thu, 4 Mar 2004 23:40:44 -0500 (EST)
From: "Rowland, Krisa W ERDC-ITL-MS Contractor" <Krisa.W.Rowland () erdc usace army mil>
To: snort-users () lists sourceforge net
Date: Thu, 4 Mar 2004 15:33:50 -0600
Subject: [Snort-users] custom sig file

I created a custom signature file called erdclocal.rules. If I comment the line out in my config file - then Snort runs beautifully. If I let my config file read this line and read the custom rules file (even if I comment out every single line in the file!!!) then it core dumps. Is there a step I'm missing in adding custom rules files???

You don't mention what OS you are running, but I'll assume you're running some UNIX since you mention core dumps.

I had a similar problem where Snort would give odd errors (but not dump core) on a custom rules file. It turned out I'd accidentally gotten CRLF pairs into the file I was running on Linux... Make absolutely sure you have no CRs or other "garbage" characters in the custom file.

You can also copy the file and change the include, then delete 1 line at a time until it stops dumping core.

HTH,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|      http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days because it would crash. Now you have to reboot Windows 200x or XP every couple of days because of a patch. How is that better or more stable?
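
The check suggested in the reply above (look for CRs or other "garbage" characters in the custom rules file), written out as an added example that is not part of the original post. The function names and the sample rules are constructed for illustration; pass the path to your own rules file as the first argument to scan it instead of the sample.

```python
import sys

# Constructed sample input: a clean rule, a rule ending in CRLF, and a
# commented-out line containing a pasted non-breaking space (0xA0).
SAMPLE = (
    b'alert tcp any any -> any 80 (msg:"local test 1"; sid:1000001;)\n'
    b'alert tcp any any -> any 21 (msg:"local test 2"; sid:1000002;)\r\n'
    b'#\xa0alert icmp any any -> any any (msg:"local test 3"; sid:1000003;)\n'
)


def scan_rules(data: bytes):
    """Return (line_number, problem) tuples for CRs and other odd bytes."""
    findings = []
    for number, line in enumerate(data.split(b"\n"), start=1):
        if b"\r" in line:
            findings.append((number, "carriage return (CR or CRLF ending)"))
        # Anything outside printable ASCII, other than TAB (CR is reported above).
        odd = sorted({b for b in line
                      if (b < 0x20 and b not in (0x09, 0x0D)) or b >= 0x7F})
        if odd:
            shown = " ".join(f"0x{b:02x}" for b in odd)
            findings.append((number, "non-printable or non-ASCII bytes: " + shown))
    return findings


def strip_cr(data: bytes) -> bytes:
    """Normalise CRLF and bare CR line endings to LF only."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


if __name__ == "__main__":
    # Read the file in binary mode so no byte is silently translated.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            raw = handle.read()
    else:
        raw = SAMPLE
    for number, problem in scan_rules(raw):
        print(f"line {number}: {problem}")
```

Commented-out lines are scanned too, since the original report says the crash persisted with every line commented out.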