[Snort-users] Whitehats rules work :) (was Re: Whitehats rules don't work)
vision at ...4...
Tue Jun 5 10:49:26 EDT 2001
Correction, snort -T -c rulestotest.conf *does* show an error, it's just
that classification errors aren't a showstopper. We will now include a
check for "Bad Priority setting" error messages when running snort -T on a
potential rules export. Sorry about letting it slip before.
On Tue, 5 Jun 2001, Max Vision wrote:
> The relay-or-info-attept classification was accidentally omitted until one
> of the updates on May 31st, so it has only been fixed for about a week.
> Thanks to Roeland Weve for reporting the omission.
> Also the 'snort -T -c rulestotest.conf' doesn't notice if a classfication
> is missing. I had seen:
> "Snort sucessfully loaded all rules and checked all rule chains!"
> On Tue, 5 Jun 2001, Fran�ois D�sarm�nien wrote:
> > Mon, 4 Jun 2001 15:48:21 +0530
> > "Sid" <s_i_d_j at ...131...> wrote:
> > > Hi,
> > >
> > > I know i've missed something but the vision18.conf i downloaded from
> > > whitehats.com doesn't work. It gives a lot of errors while starting snort
> > > about bad rules. I think its the classification. Anyway, whats the way out??
> > >
> > Yes, you're right : there's a problem with rule #436 which is classified as
> > 'relay-or-info-attempt' that doesn't exist in the classification rules.
> > Either change its tag, add new classification or comment out the rule to have
> > it load. First option seems to me to be the best. Having done that, it works
> > perfectly for me with 1.8beta4.
> > Fran�ois
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users