Snort mailing list archives

Re: Syntax error in NSM

From: Wei Chea Ang <weichea () gmail com>
Date: Thu, 16 May 2013 11:59:11 +0800

I have experienced with nsm where some of the rule options are not being
recognised.
On 16 May, 2013 10:01 AM, "waldo kitty" <wkitty42 () windstream net> wrote:

On 5/10/2013 07:30, elmo second wrote:

I understand there is an issue importing Snort rules into McAfee NSM.

I am trying to import a rule to alert for FTP anonymous:

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"POLICY-OTHER FTP

anonymous

login attempt"; flow:to_server,established; content:"USER";

fast_pattern:only;

pcre:"/^USER\s+(anonymous|ftp)[^\w]*[\r\n]/smi"; metadata:ruleset

community,

service ftp; classtype:misc-activity; sid:553; rev:13; )

I am receiving a syntax error.
Any assistance appreciated.


what is the supposed "syntax" error? without that, all anyone can do is
make
WAGs... at best they might be eWAGs...

WAG == Wild Arsed Guess

eWAG == educated WAG


--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.


------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Syntax error in NSM elmo second (May 15)
- Re: Syntax error in NSM Joel Esler (May 15)
- Re: Syntax error in NSM waldo kitty (May 15)
  - Re: Syntax error in NSM Wei Chea Ang (May 15)