This is a discussion on Re: [Snort-users] Hi All, within the Snort forums, part of the System Security and Security Related category.
Hi Laurence,
If you have upgraded from an older version of snort, make sure that you are using the snort.conf that came with snort-2.8.0 as the starting point for migrating your customizations to that file from the old version. Among other things, snort-2.8.0 replaced flow with stream5, and attempting to use flow-based rules on UDP traffic without stream5 can cause problems.

(I'm from Dublin originally, by the way - nice to see another Paddy on the list!)

CP

Laurence Moughan wrote:
> Hi All,
>
> Solaris 8 - Snort 2.8
>
> Apr 17 16:39:31 obeids01 snort[19974]: [ID 379120 daemon.error] FATAL
> ERROR: /usr/local/etc/snort/./rules/bad-traffic.rules(28: Cannot check
> flow connection for non-TCP traffic
>
> I managed to get past that by commenting the udp lines, but then the next
> ruleset is the same,
> and the next
> and the next
>
> I can't just comment nearly every rule !!
>
> Is there a fix for this ?
>
> Apr 17 17:01:54 obeids01 snort[21890]: [ID 379120 daemon.error] FATAL
> ERROR: /usr/local/etc/snort/./rules/rpc.rules(33): Cannot check flow
> connection for non-TCP traffic
>
> Any ideas ?
>
> I'm using the latest 2.8 rule set ( registered users )
>
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.8.0 (Build 67)
>    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
>            (C) Copyright 1998-2007 Sourcefire Inc., et al.
>            Using PCRE version: 4.5 01-December-2003
>
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...st=snort-users
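A pre-flight check for the migration problem discussed in this thread, as an added example that is not part of the original posts or of Snort itself: it lists the active non-TCP rules that use `flow:` (the kind of rule named in the FATAL ERROR lines) and reports whether a snort.conf loads stream5 or the older flow/stream4 preprocessors. The config excerpts, rules and sids are constructed, and treating a missing `stream5_global` directive as the trigger is an assumption based on the reply above.

```python
import re

# action, protocol, header, then the option body in parentheses (one rule per line)
RULE_RE = re.compile(r'^\s*(\w+)\s+(tcp|udp|icmp|ip)\s+[^(]*\((.*)\)\s*$', re.I)
LEGACY = {"flow", "stream4", "stream4_reassemble"}  # pre-2.8.0 preprocessors

def flow_on_non_tcp(rules_text):
    """(line number, protocol, sid) of active non-TCP rules that use flow:."""
    hits = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        m = RULE_RE.match(line)  # commented-out rules start with '#' and do not match
        if not m or m.group(2).lower() == "tcp":
            continue
        if re.search(r'(?:^|;)\s*flow\s*:', m.group(3)):  # flowbits: does not match
            sid = re.search(r'(?:^|;)\s*sid\s*:\s*(\d+)', m.group(3))
            hits.append((lineno, m.group(2).lower(), int(sid.group(1)) if sid else None))
    return hits

def active_preprocessors(conf_text):
    """Names of the uncommented preprocessor directives in a snort.conf."""
    found = (re.match(r'\s*preprocessor\s+(\w+)', ln) for ln in conf_text.splitlines())
    return {m.group(1).lower() for m in found if m}

def diagnose(conf_text, rules_text):
    """Assumption: without stream5_global, every hit is a potential FATAL ERROR."""
    pre = active_preprocessors(conf_text)
    has_stream5 = "stream5_global" in pre
    return {"stream5": has_stream5, "legacy": sorted(pre & LEGACY),
            "at_risk": [] if has_stream5 else flow_on_non_tcp(rules_text)}

# Constructed excerpts, not taken from any real snort.conf or rule set.
OLD_CONF = """\
preprocessor flow: stats_interval 0 hash 2
preprocessor stream4: disable_evasion_alerts
preprocessor stream4_reassemble
# preprocessor stream5_global: track_udp yes
"""
NEW_CONF = """\
preprocessor stream5_global: track_tcp yes, track_udp yes
preprocessor stream5_udp: ignore_any_rules
"""
RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"constructed tcp"; flow:to_server,established; sid:1000001; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"constructed udp"; flow:to_server; sid:1000002; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 69 (msg:"disabled"; flow:to_server; sid:1000003; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"constructed flowbits"; flowbits:noalert; sid:1000004; rev:1;)
"""
if __name__ == "__main__":
    print(diagnose(OLD_CONF, RULES), diagnose(NEW_CONF, RULES), sep="\n")
```

The line numbers it reports are positions in the rules file, the same number Snort prints in parentheses after the file name in the syslog message.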