Results 1 to 3 of 3
  1. #1
    Untangler
    Join Date
    Feb 2018
    Posts
    42

    Default FATAL ERROR: /etc/snort/rules/app_26.rules(708)

    All has been running fine until this morning when this error cause the IPS app to stop:

    Nov 7 06:02:03 untangle1 snort[66851]: FATAL ERROR: /etc/snort/rules/app_26.rules(708) Unknown rule option: 'dns_query'.
    Nov 7 06:02:03 untangle1 snort[66851]: WARNING: /etc/snort/rules/app_26.rules(15) threshold (in rule) is deprecated; use detection_filter instead.
    Nov 7 06:02:03 untangle1 snort[66851]: Initializing rule chains...
    Nov 7 06:02:03 untangle1 snort[66851]: +++++++++++++++++++++++++++++++++++++++++++++++++++
    Nov 7 06:02:03 untangle1 snort[66851]:
    Nov 7 06:02:03 untangle1 snort[66851]:
    Nov 7 06:02:03 untangle1 snort[66851]: #01120000
    Nov 7 06:02:03 untangle1 snort[66851]: Ports:
    Nov 7 06:02:03 untangle1 snort[66851]: Check Link-Layer CRCs: ENABLED
    Nov 7 06:02:03 untangle1 snort[66851]: Memcap: 262144
    Nov 7 06:02:03 untangle1 snort[66851]: DNP3 config:
    Nov 7 06:02:03 untangle1 snort[66851]:
    Nov 7 06:02:03 untangle1 snort[66851]: #011502
    Nov 7 06:02:03 untangle1 snort[66851]: Ports:
    Nov 7 06:02:03 untangle1 snort[66851]: Modbus config:
    Nov 7 06:02:03 untangle1 snort[66851]: Non-Encoded MIME attachment Extraction Depth: Unlimited
    Nov 7 06:02:03 untangle1 snort[66851]: Non-Encoded MIME attachment Extraction: Enabled
    Nov 7 06:02:03 untangle1 snort[66851]: Unix-to-Unix Decoding Depth: Unlimited
    Nov 7 06:02:03 untangle1 snort[66851]: Unix-to-Unix Decoding: Enabled
    Nov 7 06:02:03 untangle1 snort[66851]: Quoted-Printable Decoding Depth: Unlimited

    Oddly, the last log entry was recorded at 2018-11-06 01:01:20 am, which does not correspond to the above. I have not modified any rules. I have changed logging options, turning several on which were off before, but all has been working for a few weeks with these changes as well. Restarting the app results in the above message again and the app will not run. Suggestions?

  2. #2
    Master Untangler cblaise's Avatar
    Join Date
    Jul 2014
    Location
    Burlington, VT
    Posts
    103

    Default

    Sorry about that. It will be fixed with tonight's update.

  3. #3
    Untangler
    Join Date
    Feb 2018
    Posts
    42

    Default

    Quote Originally Posted by cblaise View Post
    Sorry about that. It will be fixed with tonight's update.
    Good to know. Thanks for the response.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2