Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Current Rule Set

From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 10 Jun 2002 15:08:13 -0700 (PDT)
On Mon, 10 Jun 2002, Hall, Duane wrote:


I just loaded the current rule set and am getting rule errors when
loading snort.  Is there any way for snort to tell me which rules are
having errors?  It tells me that there are bad ports.


Duane,

        Which set of rules?  snortrules.tar.gz or snortrules-current.tar.gz?
In most cases the snort.conf has changed and should also be updated.

        Remember:  As listed on the sig download page
( http://www.snort.org/dl/signatures/):

If you are running the 1.8 series (STABLE) of snort, check snortrules.tar.gz.
If you are using the 1.9 series (DEVELOPMENT) of snort, use
snortrules-current.tar.gz.

I'm guessing you've got a version mismatch or didn't update your snort.conf.


And yes--There is a sanity check switch in snort.  From snort -\?:

[...snip...]
        -T         Test and report on the current Snort configuration
[...snip...]

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: