[Snort-users] Help with content-list usage - Unable to open list file: Sven_da_duder

Sean Wheeler s.wheeler at ...2876...
Thu Oct 17 08:29:04 EDT 2002


hi,

I have setup a rule :
alert tcp $ANY_Servers $any -> $ANY_Servers $http (msg:"Custom
Rules";classtype:web-application-attack;content-list:Sven_da_duder;)

Don't worry about the rule except for the content-list:Sven_da_duder piece

When I run snort with :

/usr/local/sensor/bin/snort -t /usr/local/sensor -N -c /etc/snorted.conf -i
eth0 -T

I get :
....
database: using the "alert" facility
Unable to open list file: Sven_da_duder
Fatal Error, Quitting..

I have placed the file Sven_da_duder in /usr/local/sensor/etc &
/usr/local/sensor/etc/rules

I tried popping it in /usr/local/sensor/bin aswell and still no joy

permission 644 so all can read the file

Do I need to make an include in my conf file for each content-list file?

I am a lil stumped, your help would be much appreciated

regards

Sean





More information about the Snort-users mailing list