[Snort-users] Email alert

Subba Rao subba9 at ...530...
Sun Apr 22 08:32:35 EDT 2001


I have downloaded Max Vision rules and when I try to start snort using his
rules, I get the following error:

ERROR: /etc/snort-vision.conf (93) => Unknown keyword "uricontent" in rule!

The rule is as follows:

alert TCP $INTERNAL 80 -> $EXTERNAL any (msg: "IDS276/http-cgi-bugzilla-exploit"
; flags: A+; uricontent: "process_bug.cgi"; nocase; content: "blaat at ...1874...";
nocase; reference:arachnids,276;)

I have changed "uricontent" to "urlcontent" and that did not work. How do I
verify the syntax of these rules?

Another question is, how do I setup snort to send email alerts?

TIA. 
-- 

Subba Rao
subba9 at ...530...
http://members.home.net/subba9/

GPG public key ID 27FC9217




More information about the Snort-users mailing list