Hi Laurence,
If you have upgraded from an older version of snort, make sure that you
are using the snort.conf that came with snort-2.8.0 as the starting
point for migrating your customizations to that file from the old version.
Among other things, snort-2.8.0 replaced flow with stream5, and
attempting to use flow-based rules on UDP traffic without stream5 can
cause problems.
(I'm from Dublin originally, by the way - nice to see another Paddy on
the list!).
CP
Laurence Moughan wrote:
Hi All,
Solaris 8 - Snort 2.8
Apr 17 16:39:31 obeids01 snort[19974]: [ID 379120 daemon.error] FATAL
ERROR: /usr/local/etc/snort/./rules/bad-traffic.rules(28: Cannot check
flow connection for non-TCP traffic
I Manged to get past that by commenting the udp lines, but then the next
ruleset is same,
and the next
and the next
I can't just copmment nearly every rule !!
is theer a fix for this ?
Apr 17 17:01:54 obeids01 snort[21890]: [ID 379120 daemon.error] FATAL
ERROR: /usr/local/etc/snort/./rules/rpc.rules(33): Cannot check flow
connection for non-TCP traffic
Any ideas ?
I'm using the latest 2.8 rule set ( registered users )
,,_ -*> Snort! <*-
o" )~ Version 2.8.0 (Build 67)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2007 Sourcefire Inc., et al.
Using PCRE version: 4.5 01-December-2003
..For low fares and great deals on hotels, car hire and travel insurance
visit http://www.aerlingus.com
*******************************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. Any review, dissemination or other use of, or taking
of any action in reliance upon, this information by persons or entities
other than the intended recipient is prohibited.If you have received
this email in error please notify the sender immediately and delete
the material.
*******************************************************************************
Aer Lingus Limited
Registered in Ireland
Company Number 9215
Registered Office at Dublin Airport, Dublin,Ireland.
*******************************************************************************
------------------------------------------------------------------------
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
