Thread: Rules FATAL ERROR




Rules FATAL ERROR
user name
2006-10-12 14:49:23
Hello, I'm a new member to this list so forgive me if this topic
has already been discussed.

During the last 2 nights download of updates to the bleeding rules
I have encountered a FATAL ERROR and snort refuses to start.

The rule that causes the FATAL ERROR is an added disabled rule to
"bleeding-virus.rules". The /var/log/messages contains the entry
"Unknown rule type followed by several lines of hex code strings.

The SID of this disabled rule (the rule has "#" preceding it) is
2003118. The only way I have found to solve this problem is to
delete all the lines of this disabled rule. Once the rule has
been erased then snort starts up happy.

Any comments?

 	Dick Smith

-- 
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigsbleedingsnort.com
http://lists.bleedingsnort.com/mailman/listinfo/bleeding-sigs
Rules FATAL ERROR
user name
2006-10-12 14:55:11
What version of snort are you running? I'd guess you're hitting the line
length max issue.

Matt

Dick Smith wrote:
> 
> Hello, I'm a new member to this list so forgive me if this topic
> has already been discussed.
> 
> During the last 2 nights download of updates to the bleeding rules
> I have encountered a FATAL ERROR and snort refuses to start.
> 
> The rule that causes the FATAL ERROR is an added disabled rule to
> "bleeding-virus.rules". The /var/log/messages contains the entry
> "Unknown rule type followed by several lines of hex code strings.
> 
> The SID of this disabled rule (the rule has "#" preceding it) is
> 2003118. The only way I have found to solve this problem is to
> delete all the lines of this disabled rule. Once the rule has
> been erased then snort starts up happy.
> 
> Any comments?
> 
>     Dick Smith
> 

-- 
--------------------------------------------
Matthew Jonkman, CISSP
765-429-0398 Direct
http://my.infotex.com
http://www.infotex.com
http://www.bleedingsnort.com
--------------------------------------------


Rules FATAL ERROR
user name
2006-10-12 15:31:46
This is the version I'm running.

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.3.3 (Build 14)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2004 Sourcefire Inc., et al.

     Dick

On Thu, 12 Oct 2006, Matt Jonkman wrote:

> What version of snort are you running? I'd guess you're hitting the line
> length max issue.
>
> Matt
>
> Dick Smith wrote:
>>
>> Hello, I'm a new member to this list so forgive me if this topic
>> has already been discussed.
>>
>> During the last 2 nights download of updates to the bleeding rules
>> I have encountered a FATAL ERROR and snort refuses to start.
>>
>> The rule that causes the FATAL ERROR is an added disabled rule to
>> "bleeding-virus.rules". The /var/log/messages contains the entry
>> "Unknown rule type followed by several lines of hex code strings.
>>
>> The SID of this disabled rule (the rule has "#" preceding it) is
>> 2003118. The only way I have found to solve this problem is to
>> delete all the lines of this disabled rule. Once the rule has
>> been erased then snort starts up happy.
>>
>> Any comments?
>>
>>     Dick Smith
>>
>
>

Rules FATAL ERROR
user name
2006-10-12 15:36:22
Ya, you'll need to upgrade, or delete that line.

At least get to the 2.4 series latest and you'll be set.

Matt

Dick Smith wrote:
> 
> This is the version I'm running.
> 
>   ,,_     -*> Snort! <*-
>  o"  )~   Version 2.3.3 (Build 14)
>   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
>           (C) Copyright 1998-2004 Sourcefire Inc., et al.
> 
>     Dick
> 
> On Thu, 12 Oct 2006, Matt Jonkman wrote:
> 
>> What version of snort are you running? I'd guess you're hitting the line
>> length max issue.
>>
>> Matt
>>
>> Dick Smith wrote:
>>>
>>> Hello, I'm a new member to this list so forgive me if this topic
>>> has already been discussed.
>>>
>>> During the last 2 nights download of updates to the bleeding rules
>>> I have encountered a FATAL ERROR and snort refuses to start.
>>>
>>> The rule that causes the FATAL ERROR is an added disabled rule to
>>> "bleeding-virus.rules". The /var/log/messages contains the entry
>>> "Unknown rule type followed by several lines of hex code strings.
>>>
>>> The SID of this disabled rule (the rule has "#" preceding it) is
>>> 2003118. The only way I have found to solve this problem is to
>>> delete all the lines of this disabled rule. Once the rule has
>>> been erased then snort starts up happy.
>>>
>>> Any comments?
>>>
>>>     Dick Smith
>>>
>>
>>
> 

-- 
--------------------------------------------
Matthew Jonkman, CISSP
765-429-0398 Direct
http://my.infotex.com
http://www.infotex.com
http://www.bleedingsnort.com
--------------------------------------------
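
A pre-deployment check for the situation in this thread, as an added example that is not part of any post or of the Bleeding rules tooling: it scans a downloaded rules file for rules with an over-long line, including ones disabled with "#", and returns a copy without them plus a report of what was dropped. The function names are hypothetical, the limit is a placeholder parameter because the thread gives no figure, and the sample rules are constructed (only the SID comes from the thread).

```python
import re

# Assumption: the thread gives no figure for the parser's line-length maximum,
# so the limit is a parameter; 1024 is a placeholder, not a Snort constant.
MAX_LINE_LEN = 1024

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def split_rules(text):
    """Group physical lines into rules, honouring backslash continuations."""
    group = []
    for line in text.splitlines():
        group.append(line)
        if not line.rstrip().endswith("\\"):
            yield group
            group = []
    if group:  # file ended in the middle of a continued rule
        yield group


def filter_long_rules(text, max_len=MAX_LINE_LEN):
    """Return (kept_text, dropped). dropped describes every rule, enabled or
    commented out, that has a physical line longer than max_len."""
    kept, dropped = [], []
    for group in split_rules(text):
        longest = max(len(line) for line in group)
        if longest <= max_len:
            kept.extend(group)
            continue
        sid = SID_RE.search(" ".join(group))
        dropped.append({
            "sid": int(sid.group(1)) if sid else None,
            "disabled": group[0].lstrip().startswith("#"),
            "length": longest,
        })
    return "\n".join(kept) + "\n", dropped


# Constructed sample: the long rule is disabled with '#', as in the thread.
# The SID is the one quoted there; the rule bodies are invented filler.
SAMPLE = "\n".join([
    'alert tcp any any -> any 80 (msg:"short rule"; content:"abc"; sid:1000001;)',
    '#alert tcp any any -> any any (msg:"long disabled rule"; content:"|'
    + "41 " * 400 + '41|"; sid:2003118;)',
    'alert udp any any -> any 53 (msg:"another short rule"; sid:1000002;)',
]) + "\n"

if __name__ == "__main__":
    _, dropped = filter_long_rules(SAMPLE)
    for d in dropped:
        print("dropped sid %(sid)s disabled=%(disabled)s len=%(length)d" % d)
```

Running the filtered file through Snort's configuration test mode (`snort -T -c <config>`) before restarting the sensor catches anything the length check misses.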

