[Snort-users] Libnet & 'resp'

Brent Kearney brent at ...2359...
Wed Jun 20 17:02:37 EDT 2001


I have installed Libnet 1.0.2a on a solaris 2.7 box that is
running snort 1.7.  After adding a rule,

alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (logto:"/var/log/snort/lp.log"; resp:rst_all,icmp_port; msg:"l
p service is protected. Connection attempt logged.";)

Snort refuses to start:

snort -A full -c /usr/local/etc/snort.conf -i le0 -l /var/log/snort -v

        --== Initializing Snort ==--

Initializing Network Interface le0
Decoding Ethernet on interface le0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!

Initializing rule chains...

ERROR: /usr/local/etc/snort.conf (77) => Unknown keyword "resp" in rule!

Any suggestions would be appreciated.  Please CC: brent at ...2359...,
because I'm not on the list.



More information about the Snort-users mailing list