[Snort-users] Using "ruletype" keyword
jcorgan at ...1638...
Wed Apr 4 23:14:50 EDT 2001
I'm trying to create a simple set of custom rules using the "ruletype"
keyword. Unfortunately, I must have a very basic misunderstanding of how to
do it, as I can't even get the example from "Writing Snort Rules" to work.
Here is my snort.conf:
var INTERNAL xx.xx.xx.xx/xx
var EXTERNAL !xx.xx.xx.xx/xx
preprocessor http_decode: 80
output log_tcpdump: suspicious.log
Snort (1.7) will fail upon startup with this error message (all on one line):
ERROR line snort.conf (8): Type not defined for rule file declaration:
Suggestions? I feel like this must be the "Hello, world" of snort configs and
I can't get it to compile :-)
Atlas Enterprises Internet
More information about the Snort-users