[Snort-users] Dynamic Rule [X:XXXXX] was not initialized properly.

Jeff Meigs jmeigs at ...16864...
Fri Jun 13 11:18:38 EDT 2014



From: Jeff Meigs
Sent: Friday, June 13, 2014 9:10 AM
To: 'Joel Esler (jesler)'
Subject: RE: [Snort-users] Dynamic Rule [X:XXXXX] was not initialized properly.

All paths were correct. The rules at the bottom located in SO_RULES_PATH were already uncommented. I can't figure this out. Thing is, it's only occurring on 2 out of 3 of our IDS units. All units have the same files. I went through them line by line. How we pull the rules, the paths, everything. All the same.

Here is some more info though. The error only occurs at a specific time. Presumably the time the rules are downloaded. It will throw the error like 50+ times for 3 specific rules (3:29908, 3:16533, 3:8351). I've even tried suppressing these rules to no avail. These errors are all created at the same point in time. This just started happening about a week ago. We have made no adjustments to any file.

Jeffrey Meigs
IT Operator/Junior Programmer
SunWest ECU

From: Joel Esler (jesler) [mailto:jesler at ...589...]
Sent: Tuesday, June 10, 2014 4:58 PM
To: Jeff Meigs; snort-users mailinglist
Subject: Re: [Snort-users] Dynamic Rule [X:XXXXX] was not initialized properly.

On Jun 10, 2014, at 1:52 PM, Jeff Meigs <jmeigs at ...16864...> wrote:

We are

https://github.com/vrtadmin/snort-faq/blob/master/Lists/What-is-the-mailing-list-nettiquete.md
#4

Sounds like you aren't loading them with your snort.conf correctly. Either check the dynamicplugin directives to make sure it's referencing the correct directory, or uncomment the rules at the bottom of the snort.conf that are located in your SO_RULES_PATH.

Also make sure your SO_RULES_PATH is the correct directory.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team
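
A check for the two things the reply above asks for, the dynamic-library directive and the SO stub includes, as an added example that is not part of the thread and not Snort project code. It assumes Snort 2.x `snort.conf` syntax (`dynamicdetection directory`, `var`, `include`), accepts either `SO_RULE_PATH` or `SO_RULES_PATH` as the variable name, and resolves relative paths against the directory holding `snort.conf`; the sample config, paths and file names are constructed.

```python
import os
import re
import tempfile
# Constructed sample (not from the thread): one active stub include, one commented out.
SAMPLE_CONF = """\
var SO_RULE_PATH ../so_rules
dynamicdetection directory ../lib/snort_dynamicrules
include $SO_RULE_PATH/exploit.rules
# include $SO_RULE_PATH/netbios.rules
"""

def audit_so_rules(conf_path):
    """Return a list of problems in how snort.conf wires up shared object rules."""
    base = os.path.dirname(os.path.abspath(conf_path))
    variables, problems, saw_lib_dir = {}, [], False
    def resolve(path):
        # Assumption: relative paths are taken relative to snort.conf's directory.
        path = re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), path)
        return os.path.normpath(os.path.join(base, path))

    with open(conf_path) as fh:
        for line in (raw.strip() for raw in fh):
            if m := re.match(r"var\s+(\w+)\s+(\S+)", line):
                variables[m.group(1)] = m.group(2)
            elif m := re.match(r"dynamicdetection\s+directory\s+(\S+)", line):
                saw_lib_dir, lib_dir = True, resolve(m.group(1))
                if not os.path.isdir(lib_dir):
                    problems.append(f"dynamicdetection directory missing: {lib_dir}")
                elif not any(f.endswith(".so") for f in os.listdir(lib_dir)):
                    problems.append(f"no .so files in {lib_dir}")
            elif m := re.match(r"(#\s*)?include\s+(\$SO_RULES?_PATH/\S+)", line):
                if m.group(1):  # stub include still commented out
                    problems.append(f"commented out: {m.group(2)}")
                elif not os.path.isfile(resolve(m.group(2))):
                    problems.append(f"stub file missing: {resolve(m.group(2))}")
    if not saw_lib_dir:
        problems.append("no dynamicdetection directive")
    return problems

def demo():
    # Throwaway tree: etc/snort.conf, so_rules/exploit.rules, empty library directory.
    with tempfile.TemporaryDirectory() as root:
        for d in ("etc", "so_rules", "lib/snort_dynamicrules"):
            os.makedirs(os.path.join(root, d))
        open(os.path.join(root, "so_rules", "exploit.rules"), "w").close()
        conf = os.path.join(root, "etc", "snort.conf")
        with open(conf, "w") as fh:
            fh.write(SAMPLE_CONF)
        return [p.replace(root, "<root>") for p in audit_so_rules(conf)]
```

Running `audit_so_rules("/etc/snort/snort.conf")` on each sensor and comparing the returned lists shows whether the units differ in what they actually load.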