[Snort-users] Payload detection options conf files

"Sacher, Désirée" Desiree.Sacher at ...15556...
Thu Mar 22 04:52:07 EDT 2012


Hi Guys

I currently run Snort version 2.9.0.3. I know this is a very old version, but I'm waiting for version 2.9.2.2. To keep the system running current, I've been updating my snort.conf file so I could still download the 2.9.0.5 rules. I've been doing that for almost a year now and it has worked well enough. Now, with the rules of version 2.9.1.2, it seems that the payload detection options have also been changed. Where can I tweak those options so I can manually add the pkt_data option and whatever else might throw compile errors?

Mar 22 09:14:37 idssensor snort[21853]:     Server side data is trusted
Mar 22 09:14:37 idssensor snort[21853]: Sensitive Data preprocessor config:
Mar 22 09:14:37 idssensor snort[21853]:     Global Alert Threshold: 25
Mar 22 09:14:37 idssensor snort[21853]:     Masked Output: DISABLED
Mar 22 09:14:37 idssensor snort[21853]:
Mar 22 09:14:37 idssensor snort[21853]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Mar 22 09:14:37 idssensor snort[21853]: Initializing rule chains...
Mar 22 09:14:37 idssensor snort[21853]: FATAL ERROR: /etc/snort/rules/botnet-cnc.rules(418) Unknown rule option: 'pkt_data'.
Mar 22 09:14:37 idssensor cfengine:idssensor[21747]: Finished script /etc/init.d/snortd restart
Mar 22 09:15:01 idssensor /usr/sbin/cron[22536]: (root) CMD (  /opt/hp/hp-health/bin/check-for-restart-requests)

It's just to keep it running for 1 more month, I promise I'll make a real update then ;)

Cheers
des
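
Added example, not part of the original message and not Snort's own tooling: a Python sketch that finds rules using a keyword the running engine rejects (here `pkt_data`, from the FATAL ERROR above) and comments them out so the rest of the rule set loads. It assumes one rule per line; the function names and the sample rules are constructed for illustration.

```python
# Added example: comment out rules whose option keywords the running Snort rejects.
# Assumes one rule per line; function names and SAMPLE are illustrative only.

SAMPLE = '''# constructed sample rules, not taken from any real rule set
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"EXAMPLE pkt_data; in msg only"; content:"abc"; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"EXAMPLE cursor reset"; file_data; content:"x"; pkt_data; content:"y"; sid:1000002; rev:1;)
'''

def parse_options(rule):
    """Split the (...) body of one rule into (keyword, value) pairs."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return []
    opts, buf, in_quote, escaped = [], [], False, False
    for ch in rule[start + 1:end]:
        if escaped:                       # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:  # option terminator outside quoted text
            name, _, value = "".join(buf).partition(":")
            opts.append((name.strip(), value.strip()))
            buf = []
            continue
        buf.append(ch)
    return opts

def disable_unsupported(text, unsupported):
    """Comment out active rules using any keyword in `unsupported`.
    Returns (new_text, [(line_number, sid, [keywords]), ...])."""
    out, report = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        opts = [] if line.lstrip().startswith("#") else parse_options(line)
        hits = sorted({name for name, _ in opts} & set(unsupported))
        if hits:
            sid = next((v for n, v in opts if n == "sid"), "?")
            report.append((lineno, sid, hits))
            line = "# disabled, unsupported option: " + line
        out.append(line)
    return "\n".join(out) + "\n", report

if __name__ == "__main__":
    new_text, report = disable_unsupported(SAMPLE, {"pkt_data"})
    for lineno, sid, hits in report:
        print(f"line {lineno}: sid {sid} disabled, uses {', '.join(hits)}")
    print(new_text, end="")
```

Every rule in the report is detection coverage the sensor no longer has, so keep the list and re-enable those rules once the engine is upgraded.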
