[Snort-users] RE: Problem with Snort 2.0.4 and Snort Rules

Mark Ewert mewert at ...10516...
Tue Nov 18 10:47:42 EST 2003


Fixed my own problem again. I purged all of my rules and config files -
reloaded the same rules tar file I was using before and am now not
receiving the error message. Strange! If anyone has any ideas what might
have caused it I would be interested.
 
THANKS.
 
Mark

---------------------------------------------

Mark F. Ewert, Principal Systems Architect

Integrated Healthcare Information Services

www.ihcis.com <http://www.ihcis.com/> 

 

	-----Original Message-----
	From: Mark Ewert 
	Sent: Tuesday, November 18, 2003 11:54 AM
	To: snort-users at lists.sourceforge.net
	Subject: Problem with Snort 2.0.4 and Snort Rules
	
	
	Greetings,
	 
	I'm having a strange problem with Snort 2.0.4 and the latest
rules. When I execute Snort I get the following messages in
/var/log/messages. I'm running Snort 2.0.4 with Phil Wood's Ring PCAP
library. Anyone have any ideas?
	 
	THANKS!
	 
	Mark
	 
	Warning: /etc/snort/snort_eth0/exploit.rules(39) => Unknown
keyword 'isdataat' in rule!
	Warning: /etc/snort/snort_eth0/exploit.rules(39) => Unknown
keyword 'pcre' in rule!
	Warning: /etc/snort/snort_eth0/exploit.rules(41) => Unknown
keyword 'isdataat' in rule!
	Warning: /etc/snort/snort_eth0/exploit.rules(41) => Unknown
keyword 'pcre' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(6) => Unknown keyword
'isdataat' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(6) => Unknown keyword
'pcre' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(7) => Unknown keyword
'isdataat' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(7) => Unknown keyword
'pcre' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(8) => Unknown keyword
'isdataat' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(8) => Unknown keyword
'pcre' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(9) => Unknown keyword
'isdataat' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(9) => Unknown keyword
'pcre' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(10) => Unknown keyword
'isdataat' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(10) => Unknown keyword
'pcre' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(11) => Unknown keyword
'isdataat' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(11) => Unknown keyword
'pcre' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(12) => Unknown keyword
'isdataat' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(12) => Unknown keyword
'pcre' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(14) => Unknown keyword
'isdataat' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(14) => Unknown keyword
'pcre' in rule!
	Warning: /etc/snort/snort_eth0/ftp.rules(15) => Unknown keyword
'isdataat' in rule!

	NOTE: this repeats for about 100+ rules.

	---------------------------------------------

	Mark F. Ewert, Principal Systems Architect

	Integrated Healthcare Information Services

	www.ihcis.com <http://www.ihcis.com/> 

	 

	 


---------------------------------------------------------------------------
This e-mail and the information transmitted within it is intended only
for the recipient(s) to which it is addressed and may contain confidential
and/or privileged material. Any review, retransmission, dissemination or 
other use of; or taking of any action in reliance upon this information
by persons or entities other than the intended recipient is prohibited. 
If you received this in error, please send the e-mail back to notify the
sender and delete the message and its contents from any computers and
network systems involved in its receipt. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20031118/977931cf/attachment.html>


More information about the Snort-users mailing list