Snort crashing after adding any rules

  • I am on the current build 64 bit. everything is working great except when I try to add any rules form the snort categories.  When I even add one category, snort crashes and I can't get it restarted until I remove all the rules.  It does work well on blocking port scans.  That's the only preprocessor I have turned on.  Any help is appreciated. Thanks.

  • Don't you have to have a the related preprocessor activated for each rule? Could you post the actual log entries for the crash.

  • I'll post the crash log tonight. Thanks.  I am new to snort, not sure what has to be activated to to do certain tasks.

  • you were right.  I have been messing with the preprocessor rules and the various categories.  It's working now, but i noticed the "Sensisitive data searches for CC or SS# in data" make it crash with no rule sets enabled. weird.  thanks for your help. Are the ET rules better than the snort rules?  What is a desired combination that isn't too restrictive, but blocks incoming attacks. I am not as much worried about outgoing issues.

Log in to reply