[Snort-users] community.rules file - failure error during restart or start of snort

Joel Esler (jesler) jesler at ...589...
Wed Apr 30 14:22:04 EDT 2014


On Apr 30, 2014, at 2:10 PM, Farnsworth, Robert <robert.farnsworth at ...14783.....<mailto:robert.farnsworth at ...6440...>> wrote:

Trying to get compliant with the recently announced IE issue.

I have added the latest community.rules file to the rules directory and updated my snort.conf, but am getting a failure error when doing a restart/start.

Snort starts file without the include $RULE_PATH/community.rules entry

Not sure if this helps but get this in the /var/adm/messages file

Apr 30 09:40:04 snort[19732]: [ID 702911 daemon.notice] Encoded Rule Plugin SID: 17684, GID: 3 not registered properly.  Disabling this rule.


That’s not a failure.  It’s just a warning that it can’t load the Shared Object (GID:3) rule 17684.  Which isn’t in community.rules.  So you must also be loading the subscriber (or registered) VRT ruleset?

J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140430/b541032a/attachment.html>


More information about the Snort-users mailing list