[Snort-users] config parser feature/failure?

Thomas Linden tom at ...2120...
Sat May 26 17:59:41 EDT 2001


Hi,

I tried to add my own ruletype definition in my snort.conf. My first try:

ruletype icmp_info {
  type alert
  output alert_fast: icmp.info.log
}

ended up with the following error-message:

ERROR line /etc/snort.conf (25): Type not defined for rule file
declaration: icmp_info

then I changed it to:

ruletype icmp_info
{
  type alert
  output alert_fast: icmp.info.log
}

and, voilá! it worked.


IMO it would be nice if the first "coding style" could work too :-)



kind regards, Tom



-- 
=> PGP key:  http://daemon.de/key.txt 
=> "Experience is what you got  when
=>  you did not get what you wanted."





More information about the Snort-users mailing list