Snort mailing list archives

Payload detection options conf files


From: "Sacher, Désirée" <Desiree.Sacher () six-group com>
Date: Thu, 22 Mar 2012 09:52:07 +0100

Hi Guys

I currently run Snort version 2.9.0.3. I know this is a very old version, but I'm waiting for version 2.9.2.2. To keep 
the system running current, I've been updating my snort.conf file so I could still download the 2.9.0.5 rules. I've 
been doing that for almost a year now and it has worked well enough. Now with the rules of version 2.9.1.2 it seems 
that the payload detection options have also been changed. Where can I tweak those options, so I can manually add the 
pkt_data option and whatever else might throw compile errors?

Mar 22 09:14:37 idssensor snort[21853]:     Server side data is trusted
Mar 22 09:14:37 idssensor snort[21853]: Sensitive Data preprocessor config:
Mar 22 09:14:37 idssensor snort[21853]:     Global Alert Threshold: 25
Mar 22 09:14:37 idssensor snort[21853]:     Masked Output: DISABLED
Mar 22 09:14:37 idssensor snort[21853]:
Mar 22 09:14:37 idssensor snort[21853]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Mar 22 09:14:37 idssensor snort[21853]: Initializing rule chains...
Mar 22 09:14:37 idssensor snort[21853]: FATAL ERROR: /etc/snort/rules/botnet-cnc.rules(418) Unknown rule option: 'pkt_data'.
Mar 22 09:14:37 idssensor cfengine:idssensor[21747]: Finished script /etc/init.d/snortd restart
Mar 22 09:15:01 idssensor /usr/sbin/cron[22536]: (root) CMD (  /opt/hp/hp-health/bin/check-for-restart-requests)

It's just to keep it running for 1 more month, I promise I'll make a real update then ;)

Cheers
des
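
An added example, not part of the original post and not Snort project code: it parses the FATAL ERROR line from the log above and comments out every active rule that uses the rejected option, assuming that disabling those rules is an acceptable stopgap until the engine is upgraded. The function names and sample rules are constructed for illustration, and single-line rules are assumed.

```python
import re

# Startup failure as logged on the page (hard-wrapped, as in the archived mail).
SAMPLE_LOG = """snort[21853]: FATAL ERROR: /etc/snort/rules/botnet-cnc.rules(418) Unknown rule option:
'pkt_data'."""

# Constructed rules for illustration only; not taken from any real rule set.
SAMPLE_RULES = '''alert tcp any any -> any 80 (msg:"constructed A"; content:"abc"; sid:1000001;)
alert tcp any any -> any 80 (msg:"constructed B"; content:"x"; pkt_data; content:"y"; sid:1000002;)
alert tcp any any -> any 80 (msg:"constructed C"; content:"pkt_data\\;"; sid:1000003;)
'''

FATAL_RE = re.compile(
    r"FATAL ERROR:\s+(?P<path>\S+)\((?P<line>\d+)\)\s+"
    r"Unknown rule option:\s*'(?P<option>[^']+)'"
)

def parse_fatal(log_text):
    """Return (rules_file, line_number, option) from a Snort log, or None."""
    # Archived or mailed logs are often hard-wrapped; collapse whitespace first.
    m = FATAL_RE.search(" ".join(log_text.split()))
    return (m["path"], int(m["line"]), m["option"]) if m else None

def uses_option(rule, option):
    """True if an active rule carries `option` as a keyword in its option list."""
    if rule.lstrip().startswith("#") or "(" not in rule or ")" not in rule:
        return False
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    # Blank out quoted strings so content:"...pkt_data..." is not mistaken
    # for the keyword, and so ';' inside a string does not split the rule.
    body = re.sub(r'"(?:\\.|[^"\\])*"', '""', body)
    return option in (part.split(":", 1)[0].strip() for part in body.split(";"))

def disable_rules(rules_text, option):
    """Comment out every active rule using `option`; return (text, line_numbers)."""
    out, disabled = [], []
    for number, rule in enumerate(rules_text.splitlines(), start=1):
        if uses_option(rule, option):
            out.append("# disabled, unsupported option %s: %s" % (option, rule))
            disabled.append(number)
        else:
            out.append(rule)
    return "\n".join(out) + "\n", disabled

if __name__ == "__main__":
    path, line, option = parse_fatal(SAMPLE_LOG)
    _, disabled = disable_rules(SAMPLE_RULES, option)
    print("%s(%d): '%s' unsupported; disabled sample lines %s" % (path, line, option, disabled))
```

Each disabled rule is a detection the sensor no longer performs, so the returned line numbers are worth keeping as a record of the coverage lost until the upgrade.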
