[Snort-users] snortrules-snapshot-2_1.tar.gz and flowbits?

Brian bmc at ...950...
Fri Feb 6 08:34:07 EST 2004


On Thu, Feb 05, 2004 at 04:10:15PM -0500, David Gianndrea wrote:
> Did I miss something on the list? Is the snortrules-snapshot-2_1.tar.gz
> Rules updates supposed to have the flowbits option? I know that
> 2.1.1-RC1 has this option, but I thought that it would be in the
> CURRENT rules. Im running 2.1 so which rules snapshot should be
> used?
> 
> 
> FATAL ERROR: Warning: 
> /usr/local/snort-eth3/etc/../rules/netbios.rules(30) => Unknown keyword 
> ' flowbits'
>  in rule!

Sorry about that.  2.1.0 has a number of bugs and will be unsupported
as soon as 2.1.1 is released.  (hopefully very soon)

You have 3 options.  

1) disable all of the rules that have flowbits.  There are only 6 of
   them, so it should not be hard to find them.
2) use the 2.0 rulesets with the 2.1 snort.conf
3) upgrade to 2.1.1RC1 

Brian




More information about the Snort-users mailing list