[Snort-users] Remember where a rule came from.

Brian bmc at ...312...
Sat Mar 3 11:36:04 EST 2001


According to Scott A. McIntyre:
> Hi,
> 
> I got this error this morning:
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> ERROR Line 19 => Please place "content" rules before depth, nocase or
> offset modifiers.
> Fatal Error, Quiting..
> 
> Which was a bit tricky to track down with the newly split apart rule
> file format (which I do prefer, actually) -- would it be possible to
> either have snort remember which file had a specific rule, or, perhaps
> more useful, on a fatal error present the rule which caused it to break?

Get the latest version from snort.sourceforge.net  (I don't remember which
build it was) There was a patch to do just that.  Snort 1.7.1 will have that
feature, and will be out soon.

-brian




More information about the Snort-users mailing list