Re: community.rules file - failure error during restart or start of snort

["Joel Esler (jesler)" <jesler () cisco com>]

On Apr 30, 2014, at 2:10 PM, Farnsworth, Robert <robert.farnsworth () hp com<mailto:robert.farnsworth () hp com>> wrote:

Trying to get compliant with the recently announced IE issue.

I have added the latest community.rules file to the rules directory and updated my snort.conf, but am getting a failure 
error when doing a restart/start.

Snort starts file without the include $RULE_PATH/community.rules entry

Not sure if this helps but get this in the /var/adm/messages file

Apr 30 09:40:04 snort[19732]: [ID 702911 daemon.notice] Encoded Rule Plugin SID: 17684, GID: 3 not registered properly. 
 Disabling this rule.


That’s not a failure.  It’s just a warning that it can’t load the Shared Object (GID:3) rule 17684.  Which isn’t in 
community.rules.  So you must also be loading the subscriber (or registered) VRT ruleset?

J

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get 
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!