ERROR: ../../rules/snort.rules: unknown rule keyword:
# IDS mode
[root]# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua \
--plugin-path /usr/local/snort/extra -i eth0 -l /var/log/snort \
-D -u snort -g snort --create-pidfile -k none
Loading ../../rules/snort.rules:
ERROR: ../../rules/snort.rules:3712 unknown rule keyword: fast_pattern.
.
.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: fast_pattern.
Finished ../../rules/snort.rules:
● Solution:
[root]# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort_defaults.lua -T
Snort successfully validated the configuration (with 0 warnings).
o")~ Snort exiting
[root]# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua -T
Loading ../../rules/snort.rules:
ERROR: ../../rules/snort.rules:3712 unknown rule keyword: fast_pattern.
ERROR: ../../rules/snort.rules:3712 unknown rule keyword: nocase.
ERROR: ../../rules/snort.rules:3712 unknown/extra pcre option encountered
ERROR: ../../rules/snort.rules:3732 unknown rule keyword: nocase.
ERROR: ../../rules/snort.rules:3732 unknown rule keyword: distance.
ERROR: ../../rules/snort.rules:3732 unknown rule keyword: fast_pattern.
ERROR: ../../rules/snort.rules:3732 unknown rule keyword: nocase.
ERROR: ../../rules/snort.rules:3732 unknown/extra pcre option encountered
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: within.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: within.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: distance.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: within.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: distance.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: within.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: distance.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: within.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: distance.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: within.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: distance.
ERROR: ../../rules/snort.rules:3756 unknown rule keyword: fast_pattern.
Finished ../../rules/snort.rules:
[root]# vim /usr/local/snort/rules/snort.rules
Line 3712: comment out
Line 3732: comment out
Line 3756: comment out
[root]# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua -T
Snort successfully validated the configuration (with 0 warnings).
o")~ Snort exiting
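
The fix above comments out each rule line that `snort -T` rejects. As an added example (not part of the original page), this script does the same from saved validation output, keeps a backup, and prints the sid of every rule it disables; the function names, log file name and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Input: saved `snort -T` output.

# error_lines LOG RULES_BASENAME: unique rule-file line numbers named in ERROR lines.
error_lines() {
    sed -n "s|^ERROR: .*$2:\([0-9][0-9]*\) .*|\1|p" "$1" | sort -un
}

# disable_rules LOG RULESFILE: comment out the offending lines (backup in
# RULESFILE.bak) and print "line N sid SID" for each rule that was disabled.
disable_rules() {
    log=$1 rules=$2
    lines=$(error_lines "$log" "$(basename "$rules")" | tr '\n' ' ')
    [ -n "$lines" ] || return 0          # nothing rejected, leave the file alone
    cp -p "$rules" "$rules.bak"
    awk -v list="$lines" -v out="$rules" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        (FNR in bad) && $0 !~ /^[ \t]*#/ {   # skip lines that are already comments
            sid = "unknown"
            if (match($0, /sid:[ \t]*[0-9]+/)) {
                sid = substr($0, RSTART, RLENGTH); sub(/[^0-9]+/, "", sid)
            }
            print "line " FNR " sid " sid    # summary of lost coverage, to stdout
            $0 = "# " $0
        }
        { print > out }
    ' "$rules.bak"
}

# demo: runs on constructed sample files in a temp directory (not real data).
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        'alert tcp any any -> any 80 (msg:"kept"; content:"a"; sid:1000001;)' \
        'alert tcp any any -> any 80 (msg:"rejected"; content:"b"; nocase; sid:1000002;)' \
        > "$d/snort.rules"
    printf '%s\n' \
        'Loading ../../rules/snort.rules:' \
        'ERROR: ../../rules/snort.rules:2 unknown rule keyword: nocase.' \
        'Finished ../../rules/snort.rules:' > "$d/validate.log"
    disable_rules "$d/validate.log" "$d/snort.rules"
    cat "$d/snort.rules"
}

demo
```

For real use, save the validation output first (for example `snort -c snort.lua -T > validate.log 2>&1`), call `disable_rules validate.log /usr/local/snort/rules/snort.rules`, then re-run `-T`.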
ERROR: /usr/local/snort/etc/snort/snort.lua: can't find file_id.rules_file
# IDS mode
[root]# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua \
--plugin-path /usr/local/snort/extra -i eth0 -l /var/log/snort \
-D -u snort -g snort --create-pidfile -k none
ERROR: /usr/local/snort/etc/snort/snort.lua: can't find file_id.rules_file
● Solution:
[root]# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua -T
ERROR: /usr/local/snort/etc/snort/snort.lua: can't find file_id.rules_file
[root]# /usr/local/snort/bin/snort --help-module file_id
file_id
Help: manage the counters for the file_id action
Type: ips_action
Usage: context
Peg counts:
no match
[root]# vim /usr/local/snort/etc/snort/snort.lua
--file_id = { rules_file = 'file_magic.rules' } <-- comment out
[root]# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua -T
Snort successfully validated the configuration (with 0 warnings).
o")~ Snort exiting