[Sguil-users] Unable to find matching rule in /nsm/sguild_data/rules/eve
From: OlRoy O. <olr...@ya...> - 2007-01-29 21:52:53
Thanks to Nikns' OBSD 4.0 tutorial (http://www.vorant.com/nsmwiki/index.php?title=Setup_a_Sguil_framework_using_ports_under_OpenBSD) I was able to get Sguil installed. I highly recommend that it be referenced on Sguil's website since it's the easiest tutorial I've seen... Now for my minor problem.

Software
  OpenBSD 4.0
  Sguil 0.6.1
  Snort 2.4.5 (Build 29)
  MySQL 5.0.22

The problem
I'm getting the following error even though the *.rules are clearly listed in the directory it's searching: Unable to find matching rule in /nsm/sguild_data/rules/eve.

The Rule
  alert tcp $HOME_NET any -> $EXTERNAL_NET 21 (msg:"FTP OBSD"; content:"openbsd"; nocase; classtype:misc-activity; sid:2000001;)

Sguild
  pid(3087) Client Command Received: RuleRequest eve Snort Alert [1:2000001:0]
  pid(3087) Checking /nsm/sguild_data/rules/eve/attack-responses.rules...
  pid(3087) Checking /nsm/sguild_data/rules/eve/backdoor.rules...
  <continues for every *.rules file>
  pid(3087) Sending sock14: InsertRuleData Unable to find matching rule in /nsm/sguild_data/rules/eve.

It's hard to tell, but I think it's just for the test rules that I've created. I only have 2 alerts that display the rule correctly.

A couple other questions for you... What do ST and RT stand for? Also, why are there 3 IDS alert windows?

I'm loving Sguil so far. Thanks!
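An added example, not from the poster and not sguild's own code: a small Python script that approximates the file walk the sguild log above shows (check every *.rules file in the sensor's rules directory for the rule whose gid:sid matches the alert). The rule text and the alert id [1:2000001:0] are taken from the message; the rules directory contents are constructed. Because Snort alerts carry gid:sid:rev and the posted rule has no rev keyword, the script also reports the rev it finds on disk, so a reader troubleshooting this kind of lookup can compare what the alert says with what the rule file actually contains.

```python
"""Scan a Snort rules directory for the rule matching an alert's gid:sid.

Added example; an approximation of the directory walk seen in the sguild
log, not sguild's own implementation.
"""
import re
import tempfile
from pathlib import Path

# The rule and alert id quoted in the message above.
PAGE_RULE = ('alert tcp $HOME_NET any -> $EXTERNAL_NET 21 (msg:"FTP OBSD"; '
             'content:"openbsd"; nocase; classtype:misc-activity; sid:2000001;)')
PAGE_ALERT = "[1:2000001:0]"  # gid:sid:rev as printed in the sguild log

_KEYWORD = {k: re.compile(r'\b%s\s*:\s*(\d+)\s*;' % k) for k in ("gid", "sid", "rev")}
_ALERT_ID = re.compile(r'\[(\d+):(\d+):(\d+)\]')


def parse_alert_id(text):
    """Return (gid, sid, rev) from a '[g:s:r]' alert id string."""
    m = _ALERT_ID.search(text)
    if not m:
        raise ValueError("no [gid:sid:rev] in %r" % text)
    return tuple(int(x) for x in m.groups())


def iter_rules(text):
    """Yield logical rule lines, joining lines continued with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf:
            yield buf
        buf = ""
    if buf:
        yield buf


def parse_rule(line):
    """Return (gid, sid, rev) for one rule line; None for comments, blanks or no sid.

    Snort defaults apply when a keyword is absent: gid 1, rev 0.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    sid = _KEYWORD["sid"].search(line)
    if not sid:
        return None
    gid = _KEYWORD["gid"].search(line)
    rev = _KEYWORD["rev"].search(line)
    return (int(gid.group(1)) if gid else 1,
            int(sid.group(1)),
            int(rev.group(1)) if rev else 0)


def find_rule(rules_dir, gid, sid):
    """Check every *.rules file in rules_dir; return (filename, rev, rule) or None."""
    for path in sorted(Path(rules_dir).glob("*.rules")):
        for rule in iter_rules(path.read_text(errors="replace")):
            parsed = parse_rule(rule)
            if parsed and parsed[0] == gid and parsed[1] == sid:
                return path.name, parsed[2], rule
    return None


def demo():
    """Constructed rules directory: one stock-style file plus local.rules holding the page's rule."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "backdoor.rules").write_text(
        "# constructed sample file\n"
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 12345 (msg:"constructed"; \\\n'
        "    sid:103; rev:5;)\n")
    (tmp / "local.rules").write_text(PAGE_RULE + "\n")
    gid, sid, _rev = parse_alert_id(PAGE_ALERT)
    # Lookups: the page's alert, the constructed rule, and a sid that exists nowhere.
    return find_rule(tmp, gid, sid), find_rule(tmp, 1, 103), find_rule(tmp, 1, 999)


if __name__ == "__main__":
    for hit in demo():
        print(hit if hit else "Unable to find matching rule")
```

Run it against a real rules directory with `find_rule("/nsm/sguild_data/rules/eve", 1, 2000001)`; a `None` result means no file in that directory contains a rule with that sid, while a hit shows the file it lives in and the rev recorded there.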