[Snort-users] 'asn1' in rules stops snort start up?
This morning on a test machine, snort failed to start up after a rules update at about 1 a.m. Japan time. That machine is running snort v2.1.2 (Build 25).

The system log had this to say:

Jul 22 03:15:04 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning: /etc/snort/rules/exploit.rules(79) => Unknown keyword ' asn1' in rule!
Jul 22 15:07:25 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning: /etc/snort/rules/exploit.rules(80) => Unknown keyword ' asn1' in rule!
Jul 22 15:08:38 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning: /etc/snort/rules/netbios.rules(115) => Unknown keyword ' asn1' in rule!

It seems those 2 rules were added today or yesterday.

Oinkmaster is set up to use:
http://www.snort.org/dl/rules/snortr...hot-2_1.tar.gz

After commenting out those 4 lines in the 2 rules above (2 in exploit.rules and 2 in netbios.rules), snort was happy to start up.

I wonder if anyone else is seeing this? I understand asn1 is a v2.2 feature.

Regards
Ian Masters
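
A pre-deployment check for the failure described above, as an added example that is not part of the original post: it scans rule text for option keywords the installed engine does not list, so a rules update can be held back instead of stopping the sensor. The `SUPPORTED` set, the sample rules and the function names are constructed for illustration.

```python
import re

# Assumption: partial, constructed list of option keywords the installed engine
# accepts; 'asn1' is left out to mirror the 2.1.2 sensor described in the post.
SUPPORTED = {"msg", "content", "flow", "reference", "classtype", "sid", "rev",
             "offset", "depth", "nocase", "byte_test", "byte_jump", "pcre"}

# Constructed sample rules (not from the real snapshot); its first line is a comment.
SAMPLE = r'''# constructed rules
alert tcp any any -> any 80 (msg:"semicolon; in msg"; content:"a\;b"; sid:1000001; rev:1;)
alert tcp any any -> any 445 (msg:"uses asn1"; flow:to_server,established; asn1:bitstring_overflow; sid:1000002; rev:1;)
'''

def split_options(body):
    """Split an option body on ';', skipping ';' that is quoted or escaped."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    opts.append("".join(cur).strip())
    return [o for o in opts if o]

def unknown_keywords(name, text, supported=SUPPORTED):
    """Return (file, line, keyword) for every option keyword not in `supported`.
    Assumes one rule per line (no backslash continuations)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        m = None if stripped.startswith("#") else re.match(r"[^(]*\((.*)\)$", stripped)
        if not m:
            continue  # blank line, comment, or not a rule
        for opt in split_options(m.group(1)):
            keyword = opt.split(":", 1)[0].strip()
            if keyword not in supported:
                findings.append((name, line_no, keyword))
    return findings

if __name__ == "__main__":
    for f, n, kw in unknown_keywords("sample.rules", SAMPLE):
        print(f"{f}({n}) => keyword '{kw}' not supported by this engine")
```

Run against the freshly downloaded rules before they replace the live set; a non-empty result means the update should not be deployed to that sensor as is.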