[Snort-users] Snort rules touble.

Ryan Russell ryan at ...35...
Fri Jun 21 10:00:05 EDT 2002


On Fri, 21 Jun 2002, Jason Gauthier wrote:

> Starts up and the errors out:
> ERROR /opt/snort/rules/bad-traffic.rules(19) => Bad protocol name ">134"
>
> Eh, Not too bad. So i read some more, and then edit the rule.
> I decide to comment it out, so I can fix it later, for now, I would like to
> get snort running.
>
> Immediately follows:
> ERROR: /opt/snort/rules/exploit.rules(7) => Unknown keyword "flow" in rule!

You're trying to use the 1.9 ruleset with 1.8.x.  The rules you want are:
http://www.snort.org/dl/signatures/snortrules.tar.gz

"Current" in this instance means the current development version, which
will be released as 1.9 at some point.  If you're new to Snort, you're
probably better off continuing with the 1.8.x you have, and using the
ruleset I mentioned.

					Ryan





More information about the Snort-users mailing list