Re: Hi All,

[CunningPike <cunningpike () gmail com>]

Hi Laurence,

If you have upgraded from an older version of snort, make sure that you 
are using the snort.conf that came with snort-2.8.0 as the starting 
point for migrating your customizations to that file from the old version.

Among other things, snort-2.8.0 replaced flow with stream5, and 
attempting to use flow-based rules on UDP traffic without stream5 can 
cause problems.

(I'm from Dublin originally, by the way - nice to see another Paddy on 
the list!).

CP

Laurence Moughan wrote:
> Hi All,
>  
>  
>  Solaris 8 - Snort 2.8
>
>
> Apr 17 16:39:31 obeids01 snort[19974]: [ID 379120 daemon.error] FATAL 
> ERROR: /usr/local/etc/snort/./rules/bad-traffic.rules(28: Cannot check 
> flow connection for non-TCP traffic
>
> I Manged to get past that by commenting the udp lines, but then the next 
> ruleset is same,
> and the next
> and the next
>  
> I can't just copmment nearly every rule !!
>
> is theer a fix for this ?
>
> Apr 17 17:01:54 obeids01 snort[21890]: [ID 379120 daemon.error] FATAL 
> ERROR: /usr/local/etc/snort/./rules/rpc.rules(33): Cannot check flow 
> connection for non-TCP traffic
>  
> Any ideas ?
>
> I'm using the latest 2.8 rule set ( registered users )
>
> ,,_ -*> Snort! <*-
> o" )~ Version 2.8.0 (Build 67)
> '''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
> (C) Copyright 1998-2007 Sourcefire Inc., et al.
> Using PCRE version: 4.5 01-December-2003
>
>  
>
> ..For low fares and great deals on hotels, car hire and travel insurance 
> visit http://www.aerlingus.com
>
> *******************************************************************************
>
> This email and any files transmitted with it are confidential and
>
> intended solely for the use of the individual or entity to whom they
>
> are addressed. Any review, dissemination or other use of, or taking
>
> of any action in reliance upon, this information by persons or entities
>
> other than the intended recipient is prohibited.If you have received
>
> this email in error please notify the sender immediately and delete
>
> the material.
>
> *******************************************************************************
>
> Aer Lingus Limited
>
> Registered in Ireland
>
> Company Number 9215
>
> Registered Office at Dublin Airport, Dublin,Ireland.
>
> *******************************************************************************
>
>  
>
>
> ------------------------------------------------------------------------
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> Don't miss this year's exciting event. There's still time to save $100. 
> Use priority code J8TL2D2. 
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users