[Snort-users] 'asn1' in rules stops snort start up?

Ian Masters ian at ...12163...
Thu Jul 22 00:16:02 EDT 2004


This morning on a test machine, snort failed to start up after a rules
update at about 1 a.m. Japan time.

That machine is running snort v2.1.2 (Build 25)

The system log had this to say:

Jul 22 03:15:04 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning:
/etc/snort/rules/exploit.rules(79) => Unknown keyword ' asn1' in rule!
Jul 22 15:07:25 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning:
/etc/snort/rules/exploit.rules(80) => Unknown keyword ' asn1' in rule!
Jul 22 15:08:38 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning:
/etc/snort/rules/netbios.rules(115) => Unknown keyword ' asn1' in rule!
To: asn1

It seems those 2 rules were added today or yesterday

Oinkmaster is set up to use :
http://www.snort.org/dl/rules/snortrules-snapshot-2_1.tar.gz

After commenting out those 4 lines in the 2 rules above (2 in exploit.rules
and 2 in netbios.rules), snort was happy to start up.

I wonder if anyone else is seeing this?

I understand asn1 is a v2.2 feature.

Regards

Ian Masters

--------------------------------------------
Acces (OSD Dept)
<address> 3-5-11 Doshoumachi Chuo-ku Osaka 541-0045 Japan
<tel> 06-6208-1600 (switchboard)
<fax> 06-6208-1610 (switchboard)
<e-mail> ian at ...12163...
--------------------------------------------





More information about the Snort-users mailing list