[SOLVED] Snort 220.127.116.11 pkg v. 2.5.4 Issues
I'm having some issues with Snort 18.104.22.168 pkg v. 2.5.4. I write this custom rule and can't start Snort:
alert icmp any any -> $HOME_NET any (msg:"Pinging with TTL=64"; ttl:64; sid:2000001; rev:1;)
I'm running pfSense on a Vmware virtual machine (1GB RAM). Here the logs:
bmeeks last edited by
Snort wants a "classtype:" field in the rule, and this should match up with one of the defined classtypes in the classification.config file. I assume the Snort exit is happening when the rule fires ???
Thank you! This solved my problem :D Snort working well now :D