[Snort-users] ERROR: ERROR /etc/snort/rules/snort.eth0.conf (97): Bad arguments to byte_test:

Erek Adams erek at ...950...
Sat Jul 5 10:19:05 EDT 2003


On Sat, 5 Jul 2003, Andre Cameron wrote:

> I need a little help.  I have Snort 2.0 and SnortCenter 1.0 w/ snort
> agent. I setup using the enterprise install guide on the snortcenter
> website.  Problem is after importing the rules from the net and pushing
> them to the agent when I reload I get:
>
> ERROR: ERROR /etc/snort/rules/snort.eth0.conf (97): Bad arguments to
> byte_test:

[...snip...]

> Anyone know how to fix this?

Yep.  Ditch Snortcenter.  It's b0rken.  But don't take my word for it,
make your own conclusion [0].

> Also I have a question, does anyone know of a good firewall for *Nix &
> windows that can use a central database across multiple servers?  Maybie
> even one that plugs in with Snort for auto blocking?

Note:  There are some serious inherent dangers with firewalls and
autoblocking.  Again, make your own conclusion [1].

If you really, really have to have an autoblock feature, go check out
SnortSam [2].  It works smartly and safely to send rule updates to
firewalls.  Supports quite a few of them.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0] http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=snortcenter+byte&q=b
[1] http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=autoblock&q=b
[2] http://www.snortsam.net/




More information about the Snort-users mailing list