[Snort-users] Unknown keyword "flow" in rule!

Steve Ochani jpegny at ...549...
Sat Mar 30 15:10:20 EST 2002

Hello all,

I'm running snort 1.8.3 (prebuilt package) on SunOS 5.8 on a ultra 10.

I wanted to start to use 1.8.4 and snortrules-current.tar.gz.

I removed 1.8.3 via pkgrm, wiped out the old rules and installed 

snort-1.8.4-solaris8.pkg.gz and put snortrules-current.tar.gz, configured snort.conf etc and tried 
to start snort by using this command line

/opt/snort/bin/snort -o -d -D -A fast -c /opt/snort/etc/snort.conf

but I received the following error (in the /var/adm/messages) 

ERROR: ./exploit.rules(7) => Unknown keyword "flow" in rule!

I have also tried


(which is 1.8.3) and no go

What am I doing wrong? Whould I build 1.8.4 from source (why would that be diff then the 
prebuilt package?)

Also is there a searchable archive of this mailing list?

Thanks for any help

More information about the Snort-users mailing list