Carlos Vicente (Gmail)
2017-12-15 10:35:45 UTC
Hi all,
Is anyone having problems with snort rules? Everything was working fine till
2 days ago when snort service stopped and returning errors, such as:
FATAL ERROR: /usr/local/etc/snort/snort_16397_em1/rules/snort.rules(1354)
Rule options must be enclosed in '(' and ')'.
WARNING: /usr/local/etc/snort/snort_16397_em1/rules/snort.rules(1353) appid
metadata "cisco_sla" unknown.
.
I have Snort 3.2.9.5_4 running on pfS 2.3.5
I did some troubleshooting: corrected the (several) errors in the file
"snort.rules" on the lines pointed in the logs, started the snort service
from "Status -> Services" (NOT from Services -> Snort) and the problem was
solved till the next scheduled rule update.
Thanks in advance.
Carlos Vicente
Is anyone having problems with snort rules? Everything was working fine till
2 days ago when snort service stopped and returning errors, such as:
FATAL ERROR: /usr/local/etc/snort/snort_16397_em1/rules/snort.rules(1354)
Rule options must be enclosed in '(' and ')'.
WARNING: /usr/local/etc/snort/snort_16397_em1/rules/snort.rules(1353) appid
metadata "cisco_sla" unknown.
.
I have Snort 3.2.9.5_4 running on pfS 2.3.5
I did some troubleshooting: corrected the (several) errors in the file
"snort.rules" on the lines pointed in the logs, started the snort service
from "Status -> Services" (NOT from Services -> Snort) and the problem was
solved till the next scheduled rule update.
Thanks in advance.
Carlos Vicente