Re: Flowbits set to isset

[Russ via Snort-users <snort-users () lists snort org>]

Ooh, that global search and replace will not lead to happy Snorting.  
Please direct your query to snort-sigs () lists snort org where they can 
help get you fixed up.

Russ

On 6/12/18 10:02 PM, Gerry Carpinetti via Snort-users wrote:
> I did some reading on flowbit warnings and how to fix them but after 
> the changes I still receive the warnings. I used Notepad++ to open a 
> rules file, than used Search -> Find In Files "selected the 
> C:\Snort\rules folder than entered "flowbits:set" into the Find What 
> box, I replaced all flowbits:set to flowbits:isset..
>
> No matter which .rules file I open and search for flowbits:set has 
> been replaced with isset but yet I still get the WARNING: flowbits key 
> 'file.cur' is checked but not ever set, as an example. Even if I do a 
> direct search within the file-indentify.rules for flowbits:set none exist.
>
> Does this warning have to do with the flowbits:isnotset??
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette