Bug #272

closed

Snort rules don't work

Added by aleck asd over 13 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-

Description

I have used snortrules-snapshot-2902 and 2853; however, when I run Suricata I get a lot of errors. Am I doing something wrong?
I have also downloaded http://www.emergingthreats.net/rules/emerging.rules.tar.gz with no success. I'm attaching a file with the errors I got when Suricata was reading a DARPA tcpdump dataset.


Files

errors.txt (310 KB) aleck asd, 02/03/2011 12:11 PM
Actions #1

Updated by Victor Julien over 13 years ago

The errors are mostly (all) warnings that are harmless. I assume that was the 2853 set? I see that you're using Suricata 1.0.0, please upgrade to 1.0.2 or 1.1beta1. That last version supports a lot, but not yet all, of the 2902 ruleset.

Actions #2

Updated by aleck asd over 13 years ago

Thanks, I got better results. Just one more question: is there any other ruleset that works 100% with Suricata?

Actions #3

Updated by Victor Julien over 13 years ago

Yes, the Emerging Threats project has a dedicated Suricata version.

Actions #4

Updated by Victor Julien over 13 years ago

  • Status changed from New to Closed