[Snort-users] new snort install, error when starting snort service

Benjamin Bennett ben at ...11836...
Wed Apr 18 17:37:59 EDT 2007


Michael Giornesto wrote:
[snip]
> ERROR: ERROR /etc/snort/rules/web-misc.rules Line 452 => unable to parse
> pcre regex "fn=Eye\d{4}_\d{2}.log/Rmsi"

This looks to be missing a leading slash, "/fn=Eye\d{4}_\d{2}.log/Rmsi"

> Line 452 in /etc/snort/rules/web-misc.rules shows...
> 
> alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam
> ComGetLogFile.php3 log information disclosure";
> flow:to_server,established; content:"/ComGetLogFile.php3"; alert tcp
> $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam
> ComGetLogFile.php3 log information disclosure";
> flow:to_server,established; content:"/ComGetLogFile.php3";

Are you sure about this?  It looks like the beginning of the rule twice.

Try 'grep -n fn=Eye /etc/snort/rules/web-misc.rules' ?


--ben
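
A check in the spirit of the grep suggested above, as an added example that is not part of the original message: it scans rules text for `pcre` arguments that are not in the slash-delimited `/regex/flags` form and for lines where a rule header appears more than once, and returns the line numbers. The sample rules are constructed from the fragments quoted in this thread, the sid values are placeholders, and the function and variable names are hypothetical.

```python
import re
import sys

# A pcre option and its quoted argument (optionally negated with '!').
PCRE_OPT = re.compile(r'\bpcre\s*:\s*!?\s*"((?:[^"\\]|\\.)*)"')
# Only the slash-delimited /regex/flags form is checked; flag letters are
# not validated against any particular Snort version.
PCRE_ARG = re.compile(r'/.*/[A-Za-z]*', re.S)
# Heuristic for a rule that begins twice on one line.
RULE_START = re.compile(
    r'\b(?:alert|log|pass|drop|reject|sdrop)\s+(?:tcp|udp|icmp|ip)\s')


def check_rules(text):
    """Return (line_number, problem) pairs for the contents of a rules file."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue  # blank lines and comments are not parsed as rules
        if len(RULE_START.findall(stripped)) > 1:
            problems.append((lineno, 'more than one rule header on this line'))
        for arg in PCRE_OPT.findall(stripped):
            if not arg.startswith('/'):
                problems.append((lineno, 'pcre missing leading slash: ' + arg))
            elif not PCRE_ARG.fullmatch(arg):
                problems.append((lineno, 'pcre not in /regex/flags form: ' + arg))
    return problems


# Constructed sample: rule text assembled from the fragments quoted in the
# message; sid values are placeholders, not the real rule's sid.
HEAD = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam '
        'ComGetLogFile.php3 log information disclosure"; '
        'flow:to_server,established; content:"/ComGetLogFile.php3";')
SAMPLE = "\n".join([
    HEAD + r' pcre:"/fn=Eye\d{4}_\d{2}.log/Rmsi"; sid:1000001;)',  # well formed
    HEAD + r' pcre:"fn=Eye\d{4}_\d{2}.log/Rmsi"; sid:1000002;)',   # no leading slash
    HEAD + ' ' + HEAD,                                              # header twice
])

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for lineno, problem in check_rules(text):
        print(f"{lineno}: {problem}")
```
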
