[Snort-users] Snort rules touble.

Slighter, Tim tslighter at ...5174...
Fri Jun 21 09:51:02 EDT 2002

On occasion things that might cause these type of errors, especially if
everything configured and compiled fine are syntax errors in the rules files
or the snort.conf file.  Perhaps you could go back through the files that
you recently changed and find the sections that you edited and see if there
is a missing semicolon, colon or parentheses or anything pertaining to

-----Original Message-----
From: Jason Gauthier [mailto:jgauthier at ...6155...]
Sent: Friday, June 21, 2002 10:21 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort rules touble.


I just installed snort, so I'm a completely new user. I've been reading many
documents about set up, configs, etc.  I realize snort is a complicated
piece of software.

Anyway, I compiled and installed snort without issue.  I extracted the
rules, read the documentation on how to start it.  I edit a snort.conf, and
was ready to go.

I executed:

/opt/snort/bin/snort -dev -l /opt/snort/logs -c /opt/snort/etc/snort.conf

Starts up and the errors out:
ERROR /opt/snort/rules/bad-traffic.rules(19) => Bad protocol name ">134"

Eh, Not too bad. So i read some more, and then edit the rule.  
I decide to comment it out, so I can fix it later, for now, I would like to
get snort running.

Immediately follows:
ERROR: /opt/snort/rules/exploit.rules(7) => Unknown keyword "flow" in rule!

So, i check out this rule file and notice they all have "flow" in them.
I now decide something is completely wrong :)

This is "current", as I had the same problems with the rules with 1.8.6.

Appreciate any insight.

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list