Intrusion Detection Systems mailing list archives

snort, trying to get this working how i want it


From: Keith.Pachulski () corp ptd net (Keith Pachulski)
Date: Tue, 18 Jul 2000 14:01:55 -0400


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au

I'm trying to get snort to log to syslog facility local6.info but it won't
work. If I don't specify a logto directory it creates the directory of the
source IP. When I do specify a logto it logs to that file.

output alert_syslog: LOG_LOCAL6 LOG_INFO

alert icmp !$HOME_NET any -> $HOME_NET any (msg:"IDS159 - PING Microsoft
Windows"; content:"|6162636465666768696a6b6c6d6e6f70|";itype:8;depth:32;)

# ./snort -c ruletest 

Initializing Network Interface...
   => Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!

Segmentation fault

Problem two: when I try to use the resp command it crashes with -> ERROR:
ruletest (10) => Unknown keyword "resp" in rule!

alert tcp any any -> $HOME_NET 21 (msg:"IDS213 - FTP-Password Retrieval";
content:"passwd"; flags: AP; resp: rst_all;)


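The two rules in the post, run through a small rule linter as an added example (this is not the poster's code and not part of Snort): it splits a rule into header and options, decodes the `|hex|` content string, and reports keywords that only exist when snort was built with an optional feature. The one mapping it knows is `resp`, which comes from the FlexResp plugin and is only compiled in when snort is configured with `--enable-flexresp`; a build without it rejects the keyword at rule-parse time with exactly the "Unknown keyword" error quoted above. The `var HOME_NET` line in the sample ruleset is constructed for the example; the other lines are the ones from the post, with the wrapped rules rejoined onto one line each.

```python
import re
from typing import Dict, List, Tuple

# Rule header: action proto src sport dir dst dport ( options )
_HEADER_RE = re.compile(
    r"^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$",
    re.DOTALL,
)

RULE_ACTIONS = ("alert", "log", "pass")

# Keywords that only exist when snort was built with an optional feature.
# resp is the FlexResp plugin, enabled at configure time with --enable-flexresp.
OPTIONAL_FEATURE_KEYWORDS = {
    "resp": "FlexResp (configure --enable-flexresp)",
}

# Sample ruleset: the output line and both rules from the post; the var line
# is constructed for this example.
RULESET = """\
var HOME_NET 10.0.0.0/8
output alert_syslog: LOG_LOCAL6 LOG_INFO

alert icmp !$HOME_NET any -> $HOME_NET any (msg:"IDS159 - PING Microsoft Windows"; content:"|6162636465666768696a6b6c6d6e6f70|";itype:8;depth:32;)
alert tcp any any -> $HOME_NET 21 (msg:"IDS213 - FTP-Password Retrieval"; content:"passwd"; flags: AP; resp: rst_all;)
"""
PING_RULE = RULESET.splitlines()[3]
FTP_RULE = RULESET.splitlines()[4]


def split_options(opts: str) -> List[Tuple[str, str]]:
    """Split 'k:v; k2; k3:"v;with;semis";' into (key, value) pairs.
    A semicolon inside double quotes does not end an option."""
    pairs, buf, in_quote = [], [], False
    for ch in opts:
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            item = "".join(buf).strip()
            buf = []
            if item:
                key, _, val = item.partition(":")
                pairs.append((key.strip(), val.strip()))
            continue
        buf.append(ch)
    tail = "".join(buf).strip()
    if tail:
        key, _, val = tail.partition(":")
        pairs.append((key.strip(), val.strip()))
    return pairs


def parse_rule(rule: str) -> Dict[str, object]:
    """Return the header fields plus an 'options' list of (key, value)."""
    m = _HEADER_RE.match(rule)
    if not m:
        raise ValueError("not a snort rule: %r" % rule)
    fields = m.groupdict()
    fields["options"] = split_options(fields.pop("opts"))
    return fields


def decode_content(value: str) -> bytes:
    """Decode a content string: literal text with |hex bytes| spans."""
    text = value.strip()
    if text.startswith('"') and text.endswith('"'):
        text = text[1:-1]
    if text.count("|") % 2:
        raise ValueError("unbalanced | in content: %r" % value)
    out = bytearray()
    for i, chunk in enumerate(text.split("|")):
        if i % 2:  # odd chunks sit between a pair of pipes: hex bytes
            out += bytes.fromhex(chunk.replace(" ", ""))
        else:
            out += chunk.encode("latin-1")
    return bytes(out)


def rule_content(rule: str) -> bytes:
    """Decoded bytes of the rule's first content option (b'' if none)."""
    for key, val in parse_rule(rule)["options"]:
        if key == "content":
            return decode_content(val)
    return b""


def lint_rule(rule: str) -> List[str]:
    """Keywords in one rule that need an optional snort build feature."""
    return ["%s: needs %s" % (key, OPTIONAL_FEATURE_KEYWORDS[key])
            for key, _ in parse_rule(rule)["options"]
            if key in OPTIONAL_FEATURE_KEYWORDS]


def lint_ruleset(text: str) -> List[Tuple[int, str]]:
    """(line number, finding) for every rule line, numbered the way snort
    reports them ('ruletest (10)'); var/output/comment lines are skipped."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.split()[0] not in RULE_ACTIONS:
            continue
        for msg in lint_rule(stripped):
            findings.append((lineno, msg))
    return findings


if __name__ == "__main__":
    print("ping payload:", rule_content(PING_RULE))
    for lineno, msg in lint_ruleset(RULESET):
        print("ruleset (%d) => %s" % (lineno, msg))
```

Decoding the content string is worth the few lines: the sixteen hex bytes in the ping rule are just ASCII `a` through `p`, the start of the alphabet payload Windows' ping fills its echo requests with, which is what the `depth:32` is matching against. Running the linter over a ruleset before starting snort separates a keyword the build does not have from a real syntax error, since both surface as the same rule-parse failure.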