Re: [Q] Bleedingsnort rules

[Stef <stefmit () gmail com>]

OK - thanks - I will. It is not there (snort.conf), but I got your
point, so I will look through all possible configs I am/may be
calling. The truth is that I have a multi-tier
snort/barnyard/sguil/acid type of environment, and perhaps I have
placed something wrong, somewhere, that gets called by snort ?!? Thx
again (and apologies to sekure - I skimmed too fast through his email,
which made the same point).

On Wed, 08 Dec 2004 12:58:20 -0600, Frank Knobbe <frank () knobbe us> wrote:
> On Wed, 2004-12-08 at 12:55, Stef wrote:
> > I did - and it did not work, but even logically speaking,the error is
> > such that it points to the right file - again:
> >
> > ERROR: <my-path-to-rules>/bleeding-sid-msg.map(1) => Unknown rule type: 2000003
>
> That error only comes up if you try to include the file. As mentioned
> previously, don't do that. The sid-msg.map file is not included in the
> snort.conf so the bleeding-sid-msg.map is not either. Instead append the
> contents of file bleeding-sid-msg.map to sid-msg.map.
>
> grep through your snort.conf and make sure you don't include any
> sid-msg.
>
> Regards,
> Frank


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users