Home page logo

snort logo Snort mailing list archives

Re: Syntax error in NSM
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 15 May 2013 21:12:07 -0400

On May 10, 2013, at 7:30 AM, elmo second <elmosecond () hotmail com> wrote:

I understand there is an issue importing Snort rules into McAfee NSM.
I am trying to import a rule to alert for FTP anonymous:
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"POLICY-OTHER FTP anonymous login attempt"; 
flow:to_server,established; content:"USER"; fast_pattern:only; pcre:"/^USER\s+(anonymous|ftp)[^\w]*[\r\n]/smi"; 
metadata:ruleset community, service ftp; classtype:misc-activity; sid:553; rev:13; )
I am receiving a syntax error.
Any assistance appreciated.


I suggest you contact Mcafee support for help with a Mcafee product.  The Snort user group is not the place to ask for 
help with that.

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]