[Snortsam-discussion] Snort 2.8.5 + Snortsam : Unknown rule option: 'fwsam'.
Wouter de Jong
maddog2k at maddog2k.net
Wed Oct 7 09:26:04 EDT 2009
Hi,
I can't get Snort 2.8.5 (patched with the Snortsam patch) to work ...
As soon as I want to load a test-rule like this :
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; dsize:>1400; sid:1000001; fwsam: src, 20 minutes;)
I get the following :
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: /etc/snort/rules/local.rules(7) Unknown rule option: 'fwsam'.
Fatal Error, Quitting..
Snort does have Snortsam compiled in, because a
'strings /usr/sbin/snort | grep -i fwsam' reveals lines like :
ERROR => [Alert_FWsam](FWsamCheckOut) Funky socket error (socket)!
ERROR => [Alert_FWsam](FWsamCheckOut) Could not bind socket!
INFO => [Alert_FWsam](FWsamCheckOut) Disconnecting from host %s.
INFO => [Alert_FWsam](FWsamCheckOut) Had to use initial key!
etc, etc.
Am I missing something here ?
Best regards,
Wouter de Jong