[Snort-users] rule type declarations type "drop"
justinjoseph007 at ...11827...
Tue Nov 24 05:10:14 EST 2009
On Tue, Nov 24, 2009 at 2:50 PM, justin joseph
<justinjoseph007 at ...11827...> wrote:
> On Tue, Nov 24, 2009 at 2:16 PM, justin joseph
> <justinjoseph007 at ...11827...> wrote:
>> I wanted to have a separate log file for action "drop" (inline-mode)
>> and as mentioned in the snort manual
>> tested ruletype declarations. I changed "drop" to "mydrop" in the
>> rules file and in the snort.conf file gave
>> the below mydrop ruletype declaration:
>> ruletype mydrop
>> {
>>   type drop
>>   output alert_full: /var/log/snort/mydrop.full
>> }
>> This does not work with the below error:
>> ERROR: /etc/snort/snort-ips.conf(702): Invalid type for rule type
>> declaration: drop
>> Fatal Error, Quitting..
> I was running snort-2.8.4. Looking at the sources of the latest
> stable release snort-126.96.36.199, I figured
> out that type "drop" is now supported. But while attempting to
> compile and then run 188.8.131.52 I am getting
> the below error:
> ERROR: plugbase.c(911) Snort config for parsing is NULL.
> Fatal Error, Quitting..
> I have not changed anything other than the snort version from 2.8.4 to
> 184.108.40.206, /etc/snort files
> including the snort.conf is unchanged from 2.8.4.
The library paths in the conf file had to be changed. Now things work
as expected (in the 220.127.116.11 version)
with support for ruletype declaration type "drop".
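
An added example, not part of the original thread and not Snort's own code: a small Python check that reads the `ruletype` declarations from a snort.conf and confirms that every action used in a rules file is either built in or declared, which is the kind of mismatch the thread ran into. The set of `type` values a build accepts is passed in as an assumption because it differs between releases, and the sample config and rules are constructed.

```python
import re

# Built-in Snort 2.x rule actions. Which of them a release accepts as a
# ruletype "type" varies by version, so lint() takes that set as a parameter.
BUILTIN_ACTIONS = {"alert", "log", "pass", "activate", "dynamic", "drop", "reject", "sdrop"}
RULETYPE_RE = re.compile(r"^\s*ruletype\s+(\w+)\s*\{(.*?)\}", re.S | re.M)

def parse_ruletypes(conf_text):
    """Map each declared ruletype name to its type and output lines."""
    text = re.sub(r"#.*", "", conf_text)          # drop comments
    found = {}
    for name, body in RULETYPE_RE.findall(text):
        entry = {"type": None, "outputs": []}
        for line in body.splitlines():
            words = line.split(None, 1)
            if len(words) == 2 and words[0] == "type":
                entry["type"] = words[1].strip()
            elif len(words) == 2 and words[0] == "output":
                entry["outputs"].append(words[1].strip())
        found[name] = entry
    return found

def lint(conf_text, rules_text, allowed_types):
    """Return a list of problems; an empty list means the files agree."""
    problems = []
    ruletypes = parse_ruletypes(conf_text)
    for name, entry in ruletypes.items():
        if entry["type"] not in allowed_types:
            problems.append(f"ruletype {name}: type {entry['type']!r} not accepted")
        if not entry["outputs"]:
            problems.append(f"ruletype {name}: no output declared")
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] not in BUILTIN_ACTIONS and fields[0] not in ruletypes:
            problems.append(f"rules line {lineno}: action {fields[0]!r} is not declared")
    return problems

# Constructed sample input (not from the thread): one correct rule, one typo.
SAMPLE_CONF = """ruletype mydrop
{
    type drop
    output alert_full: /var/log/snort/mydrop.full
}
"""
SAMPLE_RULES = """mydrop tcp any any -> any 80 (msg:"constructed"; sid:1000001; rev:1;)
mydorp tcp any any -> any 23 (msg:"constructed typo"; sid:1000002; rev:1;)
"""
```

Calling `lint(SAMPLE_CONF, SAMPLE_RULES, {"alert", "log", "pass"})` models a build that rejects `type drop`, as 2.8.4 did in the thread.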