Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Unknown rule type: iis_unicode_map

From: "Harper, Patrick" <patrick.harper () phns com>
Date: Tue, 1 Jun 2004 08:52:23 -0500
The file is included with the snort tarball (not the RPM for some
reason) move it to the location of your snort.conf


-----Original Message-----
From: Mark Wade [mailto:mark-wade () comcast net] 
Sent: Monday, May 31, 2004 8:45 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Unknown rule type: iis_unicode_map

I am a new user to snort.  I am running Snort 2.1.0 Ruleset.  I am
trying to run snort in the NIDS mode and keep getting the same error:
ERROR: /etc/snort/snort.conf(285) => Unknown rule type: iis_unicode_map
Fatal Error, Quitting..


After doing a bunch of research I found out that I have to install:
Unicode-Map-0.112.tar.gz, so I did, and did so successfully.  After
doing the install I still can not find the file iis_unicode_map.  I do
have this
file: unicode.map located in my rules dir.  I have been looking into
this for two days and I finally said its time to ask for help.

thanks, in advance.

Mark






-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g Get certified on the
hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended 
recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by 
applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender immediately. 





-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149&alloc_id66&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: