[Oisf-users] Most rules fail to load

Will Metcalf william.metcalf at gmail.com
Sat Jan 2 22:29:25 UTC 2010


Yes but we still need to fix this up somehow ;-).... I will create a
ticket for this.

Regards,

Will

On Sat, Jan 2, 2010 at 4:27 PM, Rich Rumble <richrumble at gmail.com> wrote:
> That certainly helps!! I did find the file in my Snort /etc/ directory
> [9685] 2/1/2010 -- 17:22:33 - (detect.c:349) <Info>
> (SigLoadSignatures) -- Loading rule file: test.rule
> [9685] 2/1/2010 -- 17:22:33 - (detect.c:268) <Info>
> (DetectLoadSigFile) -- 1 successfully loaded from file test.rule.
> [9685] 2/1/2010 -- 17:22:33 - (detect.c:374) <Info>
> (SigLoadSignatures) -- 13358 rules loaded from 71 files.
> [9685] 2/1/2010 -- 17:22:33 - (detect-engine-sigorder.c:787) <Info>
> (SCSigOrderSignatures) -- ordering signatures in memory
> SCSigOrderSignatures: Total Signatures to be processed by
> thesigordering module: 13395
> [9685] 2/1/2010 -- 17:22:51 - (detect-engine-sigorder.c:828) <Info>
> (SCSigOrderSignatures) -- total signatures reordered by the
> sigordering module: 13395
> Thanks!
>
> On Sat, Jan 2, 2010 at 5:03 PM, William Metcalf
> <william.metcalf at gmail.com> wrote:
>> Currently you need a valid classification.config file which can be found in
>> the snort source or in the brt rules.  I think in the future will get rid of
>> this requirement by setting some sane default classification and priority if
>> the file is not present
>>
>> Regards,
>>
>> Will
>



More information about the Oisf-users mailing list