[Snort-users] Bleeding rules

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Wed Nov 3 00:46:08 EST 2004


--On 02 November 2004 17:40 +0200 Rocio Alfonso Pita <rozio at ...3881...> 
wrote:

> Hello,
>
>   I activate bleeding rules in a computer, and when I add these files to
> my  snort.conf:
>
> [+] Added files: [+]
>
>     -> bleeding-inappropriate.rules
>     -> bleeding-malware.rules
>     -> bleeding-p2p.rules
>     -> bleeding-policy.rules
>     -> bleeding-sid-msg.map
>     -> bleeding-virus.rules
>     -> bleeding.rules
>
>   snort not start with this error:
>
> Nov 02 10:23:11 pc snort: FATAL
> ERROR: /var/oinkmaster/rules/bleeding-sid-msg.map(1) => Unknown rule
> type:  2000002
>
>   what is the problem? If I comment the line with "bleeding-sid-msg.map",
> snort runs well.

.map files are not in the snort configuration file syntax. Therefore, don't 
include them, paste them in, or anything of that sort.

They're for use by external applications (e.g. the mudpit spool processor).

>   Thanks and regards,
>      rozio

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9






More information about the Snort-users mailing list