Snort mailing list archives
Re: failure to generate alerts from tcpdump file
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 10 Mar 2004 11:03:38 -0500
At 03:06 AM 3/10/2004, jwang () fit edu wrote:
I am all new to snort, and just finished installing and configuring the snort.conf file, and also downloaded and installed the latest ruleset from snort.org. But when I was trying to run the following command, it failed! If I take out "-c /.../snort.conf" in the command line, the system will only give me an empty alert file?! I would like to know if there is more I have to configure, or any other command that will give me the alerts that I wanted?

[root@localhost snort]# snort -s -r attack_file_8.tcpdump -c /etc/snort/conf/rules -c /etc/snort/conf/snort.conf
...
Warning: /etc/snort/conf/rules/exploit.rules(42) => Unknown keyword 'isdataat' in rule!

Sounds like you are using rules that are too new for your version of snort. If you are using snort 2.0, use the 2.0 rule tarball, not the 2.1 rule tarball.
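A pre-flight check for the mismatch diagnosed in the reply above, as an added example that is not part of the original thread or of Snort itself: it scans rule text for option keywords the installed engine rejects and reports them in the same file(line) form as the warning. It assumes one rule per line (no backslash continuations); the `UNSUPPORTED` set and the sample rules are constructed for illustration, with `isdataat` taken from the warning quoted in the thread.

```python
# Keywords the installed Snort rejects. 'isdataat' comes from the warning in
# the thread; the set itself is an assumption you maintain for your version.
UNSUPPORTED = {"isdataat"}

def rule_options(rule):
    """Yield option keywords of one rule, honouring quotes and backslash escapes."""
    start, end = rule.find("("), rule.rfind(")")
    if start == -1 or end <= start:
        return  # no option section on this line
    token, in_quotes, escaped = [], False, False
    for ch in rule[start + 1:end] + ";":
        if escaped:                      # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            # An option is "keyword" or "keyword:arguments".
            keyword = "".join(token).split(":", 1)[0].strip().lower()
            if keyword:
                yield keyword
            token = []
            continue
        token.append(ch)

def find_unsupported(name, text, unsupported=UNSUPPORTED):
    """Return (file, line_no, keyword) for every rule using a rejected keyword."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out rules
        for keyword in rule_options(line):
            if keyword in unsupported:
                hits.append((name, line_no, keyword))
    return hits

# Constructed sample rules (not taken from any real ruleset).
SAMPLE = '''# constructed sample
alert tcp any any -> any 80 (msg:"old style; isdataat in text"; content:"GET"; sid:1000001;)
alert tcp any any -> any 21 (msg:"newer rule"; content:"USER"; isdataat:100,relative; sid:1000002;)
'''

if __name__ == "__main__":
    for name, line_no, keyword in find_unsupported("sample.rules", SAMPLE):
        print(f"{name}({line_no}) uses unsupported keyword '{keyword}'")
```

Only the third line of the sample is flagged: the second mentions `isdataat` inside a quoted `msg` string, which the parser does not treat as an option.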
Current thread:
- failure to generate alerts from tcpdump file jwang (Mar 10)
- Re: failure to generate alerts from tcpdump file ypwhich (Mar 10)
- Re: failure to generate alerts from tcpdump file Matt Kettler (Mar 10)