Snort mailing list archives

Re: Payload detection options conf files


From: Joel Esler <jesler () sourcefire com>
Date: Thu, 22 Mar 2012 09:17:06 -0400

Unfortunately no. That rule has to have pkt_data specified in order for it to work. 

2.9.2.2 is slated for next week. You may have to just disable that one rule until your upgrade. 

-- 
Joel Esler

On Mar 22, 2012, at 4:52 AM, "Sacher, Désirée"<Desiree.Sacher () six-group com> wrote:

Hi Guys
 
I currently run Snort version 2.9.0.3. I know this is a very old version, but I’m waiting for version 2.9.2.2. To keep the system running current, I’ve been updating my snort.conf file so I could still download the 2.9.0.5 rules. I’ve been doing that for almost a year now and it has worked well enough. Now with the rules of version 2.9.1.2 it seems that the Payload detection options have also been changed. Where can I tweak those options, so I can manually add the pkt_data option and whatever else might throw compile errors?
 
Mar 22 09:14:37 idssensor snort[21853]:     Server side data is trusted
Mar 22 09:14:37 idssensor snort[21853]: Sensitive Data preprocessor config:
Mar 22 09:14:37 idssensor snort[21853]:     Global Alert Threshold: 25
Mar 22 09:14:37 idssensor snort[21853]:     Masked Output: DISABLED
Mar 22 09:14:37 idssensor snort[21853]:
Mar 22 09:14:37 idssensor snort[21853]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Mar 22 09:14:37 idssensor snort[21853]: Initializing rule chains...
Mar 22 09:14:37 idssensor snort[21853]: FATAL ERROR: /etc/snort/rules/botnet-cnc.rules(418) Unknown rule option: 'pkt_data'.
Mar 22 09:14:37 idssensor cfengine:idssensor[21747]: Finished script /etc/init.d/snortd restart
Mar 22 09:15:01 idssensor /usr/sbin/cron[22536]: (root) CMD (  /opt/hp/hp-health/bin/check-for-restart-requests)
 
It’s just to keep it running for 1 more month, I promise I’ll make a real update then ;)
 
Cheers
des
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
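
The workaround suggested in the reply (disable the rule that uses the unknown option until the sensor is upgraded), as an added example that is not part of the original thread and is not Snort project code: a Python script that comments out only those active rules whose option list contains an unsupported keyword, without being fooled by the keyword appearing inside a quoted string. It assumes one rule per line; the keyword set and the sample rules are constructed for illustration.

```python
# Assumption: option keywords the installed (older) Snort does not understand.
UNSUPPORTED = {"pkt_data"}

# Constructed sample rules, not taken from any real rule set.
SAMPLE = '''# local test rules
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"EXAMPLE uses new option"; flow:to_server,established; content:"abc"; pkt_data; content:"def"; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"EXAMPLE mentions pkt_data\\; in text only"; content:"pkt_data"; sid:1000002; rev:1;)
'''

def option_names(rule):
    """Return the option keywords of one rule, ignoring quoted text."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return []
    names, token, in_quote, escaped = [], [], False, False
    for ch in rule[start + 1:end]:
        if escaped:                      # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:  # end of one option
            names.append("".join(token).split(":", 1)[0].strip())
            token = []
            continue
        token.append(ch)
    return [n for n in names if n]

def disable_unsupported(text, unsupported=UNSUPPORTED):
    """Comment out active rules that use an unsupported option keyword."""
    out, disabled = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        if stripped and not stripped.startswith("#"):
            bad = sorted(unsupported.intersection(option_names(stripped)))
            if bad:
                disabled.append((lineno, bad))
                line = "# disabled (unsupported: %s) %s" % (",".join(bad), line)
        out.append(line)
    return "\n".join(out) + "\n", disabled

if __name__ == "__main__":
    new_text, disabled = disable_unsupported(SAMPLE)
    for lineno, bad in disabled:
        print("line %d disabled, unsupported option(s): %s" % (lineno, ", ".join(bad)))
```

Rules disabled this way are no longer evaluated, so the returned list of line numbers is worth keeping for re-enabling them after the upgrade.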