Snort crashing after adding any rules
-
I am on the current build 64 bit. everything is working great except when I try to add any rules form the snort categories. When I even add one category, snort crashes and I can't get it restarted until I remove all the rules. It does work well on blocking port scans. That's the only preprocessor I have turned on. Any help is appreciated. Thanks.
-
Don't you have to have a the related preprocessor activated for each rule? Could you post the actual log entries for the crash.
-
I'll post the crash log tonight. Thanks. I am new to snort, not sure what has to be activated to to do certain tasks.
-
you were right. I have been messing with the preprocessor rules and the various categories. It's working now, but i noticed the "Sensisitive data searches for CC or SS# in data" make it crash with no rule sets enabled. weird. thanks for your help. Are the ET rules better than the snort rules? What is a desired combination that isn't too restrictive, but blocks incoming attacks. I am not as much worried about outgoing issues.