[Snort-sigs] Beginner Rule Problem
jesler at ...435...
Fri Oct 11 14:19:38 EDT 2013
On Oct 10, 2013, at 9:56 PM, wkitty42 at ...3507... wrote:
> On Thursday, October 10, 2013 2:08 PM, Kodiak80 <kodiak80 at ...2420...> wrote:
>> I finally got my issue resolved with help over on the pfSense forums. In case
>> anyone else runs into a similar problem, I was missing a classification in my
>> rule. Once I added a 'classtype: inappropriate-content', the rule worked as
>> expected. Not sure if that is a general Snort requirement, or unique to the
>> pfSense Snort install. Thanks to those offering help.
> snort does not complain about basic rules that do not include such things as SID, MSG and apparently classtype... there may be others...
> NOTE to snort development team: please cause snort to error on rules that do not conform to basics and report exactly why the rule is being complained about... :)
It'll error on SID. Classtype isn’t required, but apparently in pfsense it is. MSG isn’t required, I’ll have a discussion about if we should make it required.
Senior Research Engineer, VRT
OpenSource Community Manager
AEGIS Intelligence Lead
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs