Snort mailing list archives
getservbyname() failed on "any" when pushing snort conf
From: martin <martin3 () gmail com>
Date: Fri, 19 May 2006 11:34:43 -0400
This is strange but the problem reappeared. I removed all instances of "any" in the variables. Now I am getting the following: ERROR: Warning: /etc/snort/snort.eth1.conf(1077) => Unknown keyword ' (msg' in rule! Fatal Error, Quitting.. I fixed the rule (seems like it was a bad rule from bleeding snort). THat went away but now I get: ERROR: /etc/snort/snort.eth1.conf(1148) => getservbyname() failed on "any" Fatal Error, Quitting.. That line is: alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 ( sid: 2001430; rev: 8; msg: "BLEEDING-EDGE WORM Bofra Victim Accessing Reactor Page"; flow: from_client,established; content: "GET "; nocase; content: "reactor"; nocase; reference: url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; reference: url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e () mm html; classtype: trojan-activity; priority: 1;) I am thinking that it could be due to my older snort version. Which is Version 2.1.1 (Build 24). Could it be bleeding snort rules would not work on that one? Any help on this would be much appreciated. ------------------------------------------------------- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more http://sel.as-us.falkag.net/sel?cmd=lnk&kid7521&bid$8729&dat1642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- getservbyname() failed on "any" when pushing snort conf martin (May 25)
- Re: getservbyname() failed on "any" when pushing snort conf martin (May 25)