Snort mailing list archives
Re: Broken snort rule
From: "Matt Olney" <molney () sourcefire com>
Date: Tue, 7 Oct 2008 11:26:16 -0400
That would be a good idea, but in this case, 2.8 throws a fatal error: Initializing rule chains... ERROR: /home/molney/etc/rules/local.rules(14) => Empty IP used either as source IP or as destination IP in a rule. IP list: []. Fatal Error, Quitting.. So, you should at least be able to test that the rules load. Matt On Tue, Oct 7, 2008 at 11:11 AM, Matt Jonkman <jonkman () jonkmans com> wrote:
Yes, it would. But we used to rely on an error report from snort. Now it just ignores and goes on.... So no real good automated way to do so. There was talk about a switch to have snort exit on an error. Any traction with that? If you have a good automated way we can use I'd love to hear it. Matt Brian Caswell wrote:On Tue, Oct 7, 2008 at 9:37 AM, Matt Jonkman <jonkman () jonkmans com <mailto:jonkman () jonkmans com>> wrote: Thats an issue for emerging-sigs, but thanks for reporting it. Script error not watching for an even number of IPs. Fixed up, canyoupull again and retest for me? Perhaps it would be a good idea to ... I donno, test the rules before releasing them? Brian-- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Broken snort rule James Lay (Oct 07)
- Re: Broken snort rule Matt Jonkman (Oct 07)
- Re: Broken snort rule Brian Caswell (Oct 07)
- Re: Broken snort rule Matt Jonkman (Oct 07)
- Re: Broken snort rule Matt Olney (Oct 07)
- Re: Broken snort rule Matt Jonkman (Oct 07)
- Message not available
- Re: Broken snort rule Matt Olney (Oct 07)
- Re: Broken snort rule Matt Olney (Oct 07)
- Re: Broken snort rule Matt Jonkman (Oct 07)
- Message not available
- Re: Broken snort rule Matt Jonkman (Oct 07)
- Re: Broken snort rule Brian Caswell (Oct 07)
- Re: Broken snort rule Markus Lude (Oct 07)
- Re: Broken snort rule Matt Jonkman (Oct 07)