[Snort-users] [snort-user] invalid rules to parse

Mayur Patil ram.nath241089 at ...11827...
Fri Sep 6 07:15:20 EDT 2013


Hi,

    When I parsed this rule it gives me from rule generator

    alert tcp [172.20.54.212,172.20.54.213] any -> $HOME_NET 514 (msg:"DOS
flood denial of service attempt";flow:to_server; detection_filter:track
by_dst, count 50, seconds 1; metadata:service syslog;
classtype:attempted-dos; sid:25101; rev:1;)


it gives me error of invalid rules to parse

  but when I try by cutting

  "detection_filter:track by_dst, count 50, seconds 1;"

  rest of the rule has generated the code.

   I am following syntax from manual then why is it givng me error ?

  Seeking for guidance,

  Please help !

  Thanks !

*--
*
*Cheers,
*
*Mayur
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130906/bea2d2bb/attachment.html>


More information about the Snort-users mailing list