[SOLVED] Snort 2.9.2.3 pkg v. 2.5.4 Issues
-
I'm having some issues with Snort 2.9.2.3 pkg v. 2.5.4. I wrote this custom rule and can't start Snort:
alert icmp any any -> $HOME_NET any (msg:"Pinging with TTL=64"; ttl:64; sid:2000001; rev:1;)
I'm running pfSense on a VMware virtual machine (1GB RAM). Here are the logs:
-
Snort wants a "classtype:" field in the rule, and this should match up with one of the defined classtypes in the classification.config file. I assume the Snort exit is happening when the rule fires?
-
Thank you! This solved my problem :D Snort is working well now :D
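A pre-flight check for the condition described in the reply above, written as an added example that is not part of the original thread: it flags custom rules whose `classtype:` is absent or not defined in classification.config. The classification entries and the rules with sid 2000002 and 2000003 are constructed samples; only the first rule comes from the thread.

```python
import re

# Constructed sample of classification.config (shortname,description,priority).
SAMPLE_CLASSIFICATION = """\
# constructed sample, not the file from the thread
config classification: misc-activity,Misc activity,3
config classification: icmp-event,Generic ICMP event,3
"""

# First rule is the one posted in the thread; the other two are constructed.
SAMPLE_RULES = """\
alert icmp any any -> $HOME_NET any (msg:"Pinging with TTL=64"; ttl:64; sid:2000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"Pinging with TTL=64"; ttl:64; classtype:icmp-event; sid:2000002; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"Typo; classtype:fake;"; classtype:icmp-evnt; sid:2000003; rev:1;)
"""

CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,\s]+)\s*,")
# key:value; pairs; a quoted value is consumed whole so ';' inside msg is safe.
OPTION_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*);')

def load_classtypes(text):
    """Return the set of classtype short names defined in the config text."""
    return {m.group(1) for m in map(CLASS_RE.match, text.splitlines()) if m}

def rule_options(rule):
    """Parse the option block between the first '(' and the last ')'."""
    start, end = rule.find("("), rule.rfind(")")
    if start == -1 or end <= start:
        return None
    pairs = OPTION_RE.findall(rule[start + 1:end])
    return {key: value.strip().strip('"') for key, value in pairs}

def check_rules(rules_text, classtypes):
    """Return (line number, sid, problem) for every rule that fails the check."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = rule_options(line)
        if opts is None:
            findings.append((lineno, None, "no option block"))
        elif "classtype" not in opts:
            findings.append((lineno, opts.get("sid"), "missing classtype"))
        elif opts["classtype"] not in classtypes:
            findings.append((lineno, opts.get("sid"),
                             f"unknown classtype {opts['classtype']!r}"))
    return findings

if __name__ == "__main__":
    for finding in check_rules(SAMPLE_RULES, load_classtypes(SAMPLE_CLASSIFICATION)):
        print(finding)
```

To use it on a real system, read the contents of your own classification.config and custom rules file into the two function arguments instead of the embedded samples.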