Hello,

I have installed Libnet 1.0.2a on a solaris 2.7 box that is
running snort 1.7. After adding a rule,

alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (logto:"/var/log/snort/lp.log"; resp:rst_all,icmp_port; msg:"l
p service is protected. Connection attempt logged.";)

Snort refuses to start:

snort -A full -c /usr/local/etc/snort.conf -i le0 -l /var/log/snort -v

        --== Initializing Snort ==--

Initializing Network Interface le0
Decoding Ethernet on interface le0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...

ERROR: /usr/local/etc/snort.conf (77) => Unknown keyword "resp" in rule!

Any suggestions would be appreciated. Please CC: brentkearneys.ca,
because I'm not on the list.

Thanks,

-Brent

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]