Snort mailing list archives

RE: custom sig file

From: SN ORT <snort_on_acid () yahoo com>
Date: Fri, 5 Mar 2004 08:04:20 -0800 (PST)

First, please try to send your messages in PLAIN TEXT.

This core dump with whatever line it is you're trying
to incorporate could be caused by an overload, such as
"check EVERY incoming and outgoing packet for this
signature". This could cause it to max out the
cpu..etc, or it could be as simple as a syntax error.
You'll need to supply the problem lines in question.

Cheese!

Marc

Message: 1
From: "Rowland, Krisa W ERDC-ITL-MS Contractor">

         <Krisa.W.Rowland () erdc usace army mil>

To: snort-users () lists sourceforge net
Date: Thu, 4 Mar 2004 15:33:50 -0600
Subject: [Snort-users] custom sig file

This message is in MIME format. Since your mail
reader does not understand
this format, some or all of this message may not be
legible.

------_=_NextPart_001_01C40230.097C88FE
Content-Type: text/plain;
      charset="iso-8859-1"

I created a custom signature file called
erdclocal.rules.  If I comment the
line out in my config file - then Snort runs
beautifully.  If I let my
config file read this line and read the custom rules
file (even if I comment
out every single line in the file!!!) then it core
dumps.  Is there a step
I'm missing in adding custom rules files???

Krisa Rowland
ERDC Information Assurance Team

<snip>

__________________________________
Do you Yahoo!?
Yahoo! Search - Find what youre looking for faster
http://search.yahoo.com


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

custom sig file Rowland, Krisa W ERDC-ITL-MS Contractor (Mar 04)
- <Possible follow-ups>
- RE: custom sig file JP Vossen (Mar 04)
- RE: custom sig file SN ORT (Mar 05)