Submitted by masterpop3 (registered user) on Thu, 2007-04-26 04:53.

If you are running a test of Snort:

snort -c /etc/snort/snort.conf

and get an error like this:

ERROR: ERROR /etc/snort/rules/web-misc.rules Line 452 => unable to parse pcre regex "fn=Eye\d{4}_\d{2}.log/Rmsi"
Fatal Error, Quitting..

Solution:

You must edit the file /etc/snort/rules/web-misc.rules with your favorite text editor, on line 452, and:

change the line above:
pcre:"fn=Eye\d{4}_\d{2}.log/Rmsi"

with:
pcre:"/fn=Eye\d{4}_\d{2}.log/Rmsi"

Just add '/' in front of the line.
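
An added example, not part of the comment above: since Snort quits at the first rule it cannot parse, this Python check lists every pcre option in a rules file whose pattern lacks its delimiters, so all such lines can be corrected in one pass. The sample rules and sids are constructed, and the accepted forms (/re/flags and m<delim>re<delim>flags) are assumed from the Snort 2.x pcre syntax.

```python
import re
import sys

# pcre:[!]"<body>" with escaped characters allowed inside the quotes
PCRE_OPT = re.compile(r'pcre:\s*!?\s*"((?:[^"\\]|\\.)*)"')

def check_pcre(body):
    """Return None if body looks like /re/flags or m<d>re<d>flags, else a reason."""
    if body.startswith('/'):
        delim, rest = '/', body[1:]
    elif len(body) > 1 and body[0] == 'm' and not body[1].isalnum():
        delim, rest = body[1], body[2:]
    else:
        return 'missing opening delimiter'
    end = rest.rfind(delim)
    if end < 0:
        return 'missing closing delimiter'
    tail = rest[end + 1:]          # modifier letters such as Rmsi
    if tail and not tail.isalpha():
        return 'unexpected text after closing delimiter'
    return None

def scan_rules(text):
    """Return (line number, pcre body, reason) for each malformed pcre option."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith('#'):      # skip commented-out rules
            continue
        for m in PCRE_OPT.finditer(line):
            reason = check_pcre(m.group(1))
            if reason:
                findings.append((lineno, m.group(1), reason))
    return findings

# Constructed sample rules (not copied from web-misc.rules)
SAMPLE = "\n".join([
    r'alert tcp any any -> any 80 (msg:"constructed broken"; pcre:"fn=Eye\d{4}_\d{2}.log/Rmsi"; sid:1000001;)',
    r'alert tcp any any -> any 80 (msg:"constructed ok"; pcre:"/fn=Eye\d{4}_\d{2}.log/Rmsi"; sid:1000002;)',
    r'alert tcp any any -> any 80 (msg:"constructed m-form"; pcre:!"m#^/cgi-bin/#i"; sid:1000003;)',
    r'# alert tcp any any -> any 80 (msg:"constructed disabled"; pcre:"commented/i"; sid:1000004;)',
])

if __name__ == "__main__":
    # Pass a rules file path as the first argument, or run on the sample
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for lineno, body, reason in scan_rules(text):
        print(f"line {lineno}: {reason}: pcre:\"{body}\"")
```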
