[Snort-users] Snort rules trouble.
jgauthier at ...6155...
Fri Jun 21 09:21:09 EDT 2002
I just installed snort, so I'm a completely new user. I've been reading many
documents about set up, configs, etc. I realize snort is a complicated
piece of software.
Anyway, I compiled and installed snort without issue. I extracted the
rules, read the documentation on how to start it. I edited a snort.conf, and
was ready to go.
/opt/snort/bin/snort -dev -l /opt/snort/logs -c /opt/snort/etc/snort.conf
Starts up and then errors out:
ERROR /opt/snort/rules/bad-traffic.rules(19) => Bad protocol name ">134"
Eh, not too bad. So I read some more, and then edit the rule.
I decide to comment it out, so I can fix it later; for now, I would like to
get snort running.
ERROR: /opt/snort/rules/exploit.rules(7) => Unknown keyword "flow" in rule!
So, I check out this rule file and notice they all have "flow" in them.
I now decide something is completely wrong :)
This is "current", as I had the same problems with the rules with 1.8.6.
Appreciate any insight.