RE: Problem with Snort 2.0.4 and Snort Rules

["Mark Ewert" <mewert () ihcis com>]

Fixed my own problem again. I purged all of my rules and config files -
reloaded the same rules tar file I was using before and am now not
receiving the error message. Strange! If anyone has any ideas what might
have caused it I would be interested.
 
THANKS.
 
Mark

---------------------------------------------

Mark F. Ewert, Principal Systems Architect

Integrated Healthcare Information Services

www.ihcis.com <http://www.ihcis.com/> 

 

        -----Original Message-----
        From: Mark Ewert 
        Sent: Tuesday, November 18, 2003 11:54 AM
        To: snort-users () lists sourceforge net
        Subject: Problem with Snort 2.0.4 and Snort Rules
        
        
        Greetings,
         
        I'm having a strange problem with Snort 2.0.4 and the latest
rules. When I execute Snort I get the following messages in
/var/log/messages. I'm running Snort 2.0.4 with Phil Wood's Ring PCAP
library. Anyone have any ideas?
         
        THANKS!
         
        Mark
         
        Warning: /etc/snort/snort_eth0/exploit.rules(39) => Unknown
keyword 'isdataat' in rule!
        Warning: /etc/snort/snort_eth0/exploit.rules(39) => Unknown
keyword 'pcre' in rule!
        Warning: /etc/snort/snort_eth0/exploit.rules(41) => Unknown
keyword 'isdataat' in rule!
        Warning: /etc/snort/snort_eth0/exploit.rules(41) => Unknown
keyword 'pcre' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(6) => Unknown keyword
'isdataat' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(6) => Unknown keyword
'pcre' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(7) => Unknown keyword
'isdataat' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(7) => Unknown keyword
'pcre' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(8) => Unknown keyword
'isdataat' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(8) => Unknown keyword
'pcre' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(9) => Unknown keyword
'isdataat' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(9) => Unknown keyword
'pcre' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(10) => Unknown keyword
'isdataat' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(10) => Unknown keyword
'pcre' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(11) => Unknown keyword
'isdataat' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(11) => Unknown keyword
'pcre' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(12) => Unknown keyword
'isdataat' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(12) => Unknown keyword
'pcre' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(14) => Unknown keyword
'isdataat' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(14) => Unknown keyword
'pcre' in rule!
        Warning: /etc/snort/snort_eth0/ftp.rules(15) => Unknown keyword
'isdataat' in rule!

        NOTE: this repeats for about 100+ rules.

        ---------------------------------------------

        Mark F. Ewert, Principal Systems Architect

        Integrated Healthcare Information Services

        www.ihcis.com <http://www.ihcis.com/> 

         

         


---------------------------------------------------------------------------
This e-mail and the information transmitted within it is intended only
for the recipient(s) to which it is addressed and may contain confidential
and/or privileged material. Any review, retransmission, dissemination or 
other use of; or taking of any action in reliance upon this information
by persons or entities other than the intended recipient is prohibited. 
If you received this in error, please send the e-mail back to notify the
sender and delete the message and its contents from any computers and
network systems involved in its receipt. Thank you.