[Snort-users] Current Rule Set

Erek Adams erek at ...577...
Mon Jun 10 15:09:03 EDT 2002


On Mon, 10 Jun 2002, Hall, Duane wrote:

> I just loaded the current rule set and am getting rule errors when
> loading snort.  Is there any way for snort to tell me which rules are
> having errors?  It tells me that there are bad ports.

Duane,

	Which set of rules?  snortrules.tar.gz or snortrules-current.tar.gz?
In most cases the snort.conf has changed and should also be updated.

	Remember:  As listed on the sig download page
( http://www.snort.org/dl/signatures/):

If you are running the 1.8 series (STABLE) of snort, check snortrules.tar.gz.
If you are using the 1.9 series (DEVELOPMENT) of snort, use
snortrules-current.tar.gz.

I'm guessing you've got a version mismatch or didn't update your snort.conf.


And yes--There is a sanity check switch in snort.  From snort -\?:

[...snip...]
        -T         Test and report on the current Snort configuration
[...snip...]

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list