Snort mailing list archives
Re: Syntax error in NSM
From: Wei Chea Ang <weichea () gmail com>
Date: Thu, 16 May 2013 11:59:11 +0800
I have experienced with nsm where some of the rule options are not being recognised. On 16 May, 2013 10:01 AM, "waldo kitty" <wkitty42 () windstream net> wrote:
On 5/10/2013 07:30, elmo second wrote:I understand there is an issue importing Snort rules into McAfee NSM. I am trying to import a rule to alert for FTP anonymous: alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"POLICY-OTHER FTPanonymouslogin attempt"; flow:to_server,established; content:"USER";fast_pattern:only;pcre:"/^USER\s+(anonymous|ftp)[^\w]*[\r\n]/smi"; metadata:rulesetcommunity,service ftp; classtype:misc-activity; sid:553; rev:13; ) I am receiving a syntax error. Any assistance appreciated.what is the supposed "syntax" error? without that, all anyone can do is make WAGs... at best they might be eWAGs... WAG == Wild Arsed Guess eWAG == educated WAG -- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Syntax error in NSM elmo second (May 15)
- Re: Syntax error in NSM Joel Esler (May 15)
- Re: Syntax error in NSM waldo kitty (May 15)
- Re: Syntax error in NSM Wei Chea Ang (May 15)