[Snort-sigs] Lost message and classification

Russell Fulton r.fulton at ...575...
Mon Jun 10 21:11:02 EDT 2002

On Tue, 2002-06-11 at 13:32, Martin Roesch wrote:
> Is that really the rule?  If it is, it's so wrong that I'm surprised Snort
> will even start up without throwing an error...

Doh!  I never noticed that the leading parenthesis had got lost!

It never occurred to me to look for anything that basic -- I assumed
that if there were syntactical problems snort would tell me.  It seems to
have ignored everything except the headers, which explains the message.

Hmmmm... I may look at the source and tweak it so that this particular
problem raises an error to protect idiots like me from ourselves!
I'll pass the patches back of course.

I've just fixed the rule syntax and restarted snort, [pause while we
wait for the next snort snarf run] Yes that's fixed it.

Apologies for the confusion.

Cheers, Russell.

Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand
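
A pre-load check for the failure described in this message (a rule whose option block lost its leading parenthesis), as an added example that is not part of the original post and is not Snort's own parser. It assumes one rule per line and no whitespace inside header fields; `lint_rule`, `lint_lines` and the sample rules are constructed for illustration.

```python
ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
DIRECTIONS = {"->", "<>"}

def lint_rule(line):
    """Return a list of problems for one rule line (empty list = nothing found)."""
    text = line.strip()
    if not text or text.startswith("#"):
        return []
    # Header is 7 whitespace-separated fields; everything after is the option block.
    parts = text.split(None, 7)
    if parts[0] not in ACTIONS:
        return []  # not a rule line (var, include, preprocessor, ...)
    if len(parts) < 7 or parts[4] not in DIRECTIONS:
        return ["malformed header"]
    if len(parts) == 7:
        return []  # header only: no option block to check
    body = parts[7]
    problems = []
    if not body.startswith("("):
        problems.append("options do not start with '('")
    if not body.endswith(")"):
        problems.append("options do not end with ')'")
    inner = body.lstrip("(").rstrip(")").strip()
    if inner and not inner.endswith(";"):
        problems.append("last option is not terminated with ';'")
    return problems

def lint_lines(lines):
    """Map 1-based line number -> problems, for lines that have any."""
    report = {}
    for number, line in enumerate(lines, start=1):
        problems = lint_rule(line)
        if problems:
            report[number] = problems
    return report

# Constructed sample rules: the second has lost its leading parenthesis.
SAMPLE = [
    'alert tcp any any -> any 80 (msg:"constructed good rule"; content:"test"; sid:1000001;)',
    'alert tcp any any -> any 80 msg:"constructed broken rule"; content:"test"; sid:1000002;)',
    "# constructed comment line",
]

if __name__ == "__main__":
    for number, problems in lint_lines(SAMPLE).items():
        print(f"line {number}: {'; '.join(problems)}")
```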
