Re: [Q] Bleedingsnort rules

[Stef <stefmit () gmail com>]

This is not what I meant - please re-read the email. The map was "made
available" (which it should), and the rules also, but - no matter
where either of the two is (actually "are", for the rules), I get the
error. I do NOT include the map in snort.conf, of course.


On Wed, 8 Dec 2004 10:45:53 -0500, sekure <sekure () gmail com> wrote:
> bleeding-sid-msg.map is not an actual rule file it's a file mapping
> the event name to the sid.  You don't need to include it in your
> snort.conf.
>
>
>
>
> On Wed, 8 Dec 2004 09:27:20 -0600, Stef <stefmit () gmail com> wrote:
> > Hi, all,
> >
> > I have used many times before the bleeding rules, but not recently
> > (I've used them at a time when there were "all-in-one"). I have just
> > gotten the bleeding-rules-tar.gz, placed the map in the needed place,
> > the rules where they belong, but whenever I start snort (2.2), I get:
> >
> > ERROR: <my-path-to-rules>/bleeding-sid-msg.map(1) => Unknown rule type: 2000003
> >
> > which 2000003 just happens to be the first one in the map.
> >
> > I have tried to ln -s the map and rules in other directories (where I
> > was running the snort from, etc.), to no avail.
> >
> > This is probably something obvious that I am missing ... any ideas?!?
> >
> > TIA,
> > Stef


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users