[Snort-users] Broken snort rule

Matt Jonkman jonkman at ...4024...
Tue Oct 7 17:16:42 EDT 2008


How about unescaped colons and semicolons, etc?

Thanks for the info Matt. I hadn't seen that option. Time to upgrade.

Matt

Matt Olney wrote:
> Actually, in snort 2.8.3.3, the -x control:
> 
> -x         Exit if Snort configuration problems occur
> 
> will fail out on many common rule problems.   For example, duplicate sids.
> 
> Matt
> 
> On Tue, Oct 7, 2008 at 2:30 PM, Paul Schmehl <pauls at ...6838...> wrote:
> 
>     --On Tuesday, October 07, 2008 11:48:45 -0500 Matt Jonkman
>     <jonkman at ...4024...> wrote:
> 
> 
>         Cool, I had stopped testing of the autogenerated rules because it
>         didn't seem to be of much use. Will turn that back on.
> 
>         Is there an easy way to parse the other rules though for more subtle
>         errors? Or force verbosity to get it to tell us about rules ignored?
> 
> 
>     does # snort -Tvvvvvv not do the trick?
> 
>     -- 
>     Paul Schmehl (pauls at ...6838...)
>     Senior Information Security Analyst
>     The University of Texas at Dallas
>     http://www.utdallas.edu/ir/security/
> 
> 

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
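
As an added example (not part of the thread and not Snort's own code), a pre-flight lint for the two problems discussed above: duplicate sids and unescaped semicolons inside quoted option values. The sample rules are constructed, the function names are hypothetical, and it assumes one rule per line and treats every quoted value alike; colons are only checked if passed in `chars`.

```python
import re

# Constructed sample rules for illustration (not taken from the thread).
SAMPLE_RULES = r'''alert tcp any any -> any 80 (msg:"Example A"; content:"GET"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"Example B"; content:"POST"; sid:1000001; rev:1;)
alert tcp any any -> any 25 (msg:"Example C; broken"; content:"HELO"; sid:1000002; rev:1;)
alert tcp any any -> any 25 (msg:"Example D\; escaped"; content:"EHLO"; sid:1000003; rev:1;)
alert tcp any any -> any 21 (msg:"Example E"; content:"USER"; rev:1;)
# alert tcp any any -> any 22 (msg:"commented out"; sid:1000001; rev:1;)
'''

def unescaped_in_quotes(options, chars=";"):
    """Offsets of `chars` found unescaped inside a double-quoted value."""
    hits, in_quote, i = [], False, 0
    while i < len(options):
        c = options[i]
        if c == "\\":              # backslash escapes the next character
            i += 2
            continue
        if c == '"':
            in_quote = not in_quote
        elif in_quote and c in chars:
            hits.append(i)
        i += 1
    return hits

def lint_rules(text):
    """Return (line_number, problem) pairs; assumes one rule per line."""
    findings, first_seen = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue               # blank line or commented-out rule
        m = re.match(r"[^(]*\((.*)\)\s*$", line)
        if not m:
            findings.append((lineno, "no-option-block"))
            continue
        opts = m.group(1)
        if unescaped_in_quotes(opts):
            findings.append((lineno, "unescaped-semicolon"))
        sid = re.search(r"(?:^|;)\s*sid\s*:\s*(\d+)\s*;", opts)
        if sid is None:
            findings.append((lineno, "missing-sid"))
        elif sid.group(1) in first_seen:
            findings.append((lineno, "duplicate-sid"))
        else:
            first_seen[sid.group(1)] = lineno
    return findings

if __name__ == "__main__":
    for lineno, problem in lint_rules(SAMPLE_RULES):
        print(f"line {lineno}: {problem}")
```

A lint like this complements, rather than replaces, loading the rules with `snort -T` and the `-x` option mentioned above.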





