Snort mailing list archives

Re: failure to generate alerts from tcpdump file


From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 10 Mar 2004 11:03:38 -0500

At 03:06 AM 3/10/2004, jwang () fit edu wrote:
I am all new to snort, and just finished installing and configuring the
snort.conf file, also downloaded and installed the latest ruleset from
snort.org. But when I was trying to run the following command, it failed!
If I take out "-c /.../snort.conf" in the command line, the system will only
give me an empty alert file?! I would like to know if there is more I have
to configure, or any other command that will give me the alerts that I wanted?

[root@localhost snort]# snort -s -r attack_file_8.tcpdump -c
/etc/snort/conf/rules -c /etc/snort/conf/snort.conf
...
Warning: /etc/snort/conf/rules/exploit.rules(42) => Unknown keyword
'isdataat' in rule!

Sounds like you are using rules that are too new for your version of snort.

If you are using snort 2.0, use the 2.0 rule tarball, not the 2.1 rule tarball.
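An added example, not code from this thread or from the Snort project: a small Python check that parses the option block of each rule and reports any keyword missing from an assumed allow-list, so a mismatch like the reporter's `isdataat` warning shows up before Snort is started. The `KNOWN_OPTIONS` set and the sample rules are constructed for illustration; the options a real build accepts depend on the installed Snort version.

```python
from typing import Iterable
# Constructed sample: option keywords an older Snort build is assumed to accept.
# The real set depends on the Snort version and its compiled-in preprocessors.
KNOWN_OPTIONS = {
    "msg", "flow", "content", "nocase", "depth", "offset", "distance", "within",
    "uricontent", "pcre", "byte_test", "byte_jump", "dsize", "flags", "itype",
    "icode", "reference", "classtype", "sid", "rev", "rawbytes",
}

def option_keywords(rule: str) -> list[str]:
    """Option keywords of one rule, splitting on ';' only outside double quotes."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return []                                # header only, or malformed
    keywords, token, quoted, escaped = [], [], False, False
    for ch in rule[start + 1:end] + ";":         # trailing ';' flushes the last option
        if escaped:
            token.append(ch); escaped = False
        elif ch == "\\":
            token.append(ch); escaped = True     # a \" inside content: does not end the quote
        elif ch == '"':
            token.append(ch); quoted = not quoted
        elif ch == ";" and not quoted:           # content:"a;b" stays a single option
            name = "".join(token).strip().split(":", 1)[0].strip()
            if name:
                keywords.append(name)
            token = []
        else:
            token.append(ch)
    return keywords

def unknown_keywords(lines: Iterable[str], known: set[str] = KNOWN_OPTIONS) -> list[tuple[int, str]]:
    """(line number, keyword) for each option keyword the assumed Snort build lacks."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):     # comments and blank lines carry no options
            continue
        hits += [(lineno, kw) for kw in option_keywords(line) if kw not in known]
    return hits

# Constructed rules; the third uses 'isdataat', the keyword the reporter's Snort rejected.
SAMPLE_RULES = [
    "# constructed exploit.rules excerpt",
    'alert tcp any any -> any 80 (msg:"semi;colon"; content:"a;b"; nocase; sid:1000001; rev:1;)',
    'alert tcp any any -> any 25 (msg:"new keyword"; content:"|00|"; isdataat:50,relative; sid:1000002; rev:1;)',
]
if __name__ == "__main__":
    for lineno, kw in unknown_keywords(SAMPLE_RULES):
        print(f"exploit.rules({lineno}) => Unknown keyword '{kw}' in rule!")
```

Run it over the rules directory from the command in the question (one rule per line, as Snort expects) and the report lists every option the installed version will refuse, grouped by file line.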

