[Snort-users] Hi All,

CunningPike cunningpike at ...11827...
Fri Apr 18 23:57:38 EDT 2008


Hi Laurence,

If you have upgraded from an older version of snort, make sure that you 
are using the snort.conf that came with snort-2.8.0 as the starting 
point for migrating your customizations to that file from the old version.

Among other things, snort-2.8.0 replaced flow with stream5, and 
attempting to use flow-based rules on UDP traffic without stream5 can 
cause problems.

(I'm from Dublin originally, by the way - nice to see another Paddy on 
the list!).

CP

Laurence Moughan wrote:
> Hi All,
>  
>  
>  Solaris 8 - Snort 2.8
> 
> 
> Apr 17 16:39:31 obeids01 snort[19974]: [ID 379120 daemon.error] FATAL 
> ERROR: /usr/local/etc/snort/./rules/bad-traffic.rules(28: Cannot check 
> flow connection for non-TCP traffic
> 
> I Manged to get past that by commenting the udp lines, but then the next 
> ruleset is same,
> and the next
> and the next
>  
> I can't just copmment nearly every rule !!
> 
> is theer a fix for this ?
> 
> Apr 17 17:01:54 obeids01 snort[21890]: [ID 379120 daemon.error] FATAL 
> ERROR: /usr/local/etc/snort/./rules/rpc.rules(33): Cannot check flow 
> connection for non-TCP traffic
>  
> Any ideas ?
> 
> I'm using the latest 2.8 rule set ( registered users )
> 
> ,,_ -*> Snort! <*-
> o" )~ Version 2.8.0 (Build 67)
> '''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
> (C) Copyright 1998-2007 Sourcefire Inc., et al.
> Using PCRE version: 4.5 01-December-2003
> 
>  
> 
> ..For low fares and great deals on hotels, car hire and travel insurance 
> visit http://www.aerlingus.com
> 
> *******************************************************************************
> 
> This email and any files transmitted with it are confidential and
> 
> intended solely for the use of the individual or entity to whom they
> 
> are addressed. Any review, dissemination or other use of, or taking
> 
> of any action in reliance upon, this information by persons or entities
> 
> other than the intended recipient is prohibited.If you have received
> 
> this email in error please notify the sender immediately and delete
> 
> the material.
> 
> *******************************************************************************
> 
> Aer Lingus Limited
> 
> Registered in Ireland
> 
> Company Number 9215
> 
> Registered Office at Dublin Airport, Dublin,Ireland.
> 
> *******************************************************************************
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> Don't miss this year's exciting event. There's still time to save $100. 
> Use priority code J8TL2D2. 
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list