Posted by 1TUS on Feb 09, 2020; 9:34pm
URL: https://itus.accessinnov.com/Snort-Rules-Not-Working-tp1926.html

I believe my snort rules are broken or not loading properly. Below fatal error message is from the system log. I'm on v1.51 SP1. Any help or direction would be appreciated. Thanks.



Sun Feb  9 03:56:34 2020 daemon.crit dnsmasq[15900]: bad option at line 2 of /etc/ITUS_DNS.txt
Sun Feb  9 03:56:34 2020 daemon.crit dnsmasq[15900]: FAILED to start up
Sun Feb  9 03:56:34 2020 daemon.err snort[15899]: FATAL ERROR: /etc/snort/rules/snort.rules(4619) Rule options must be enclosed in '(' and ')'.
Sun Feb  9 03:56:39 2020 daemon.crit dnsmasq[15901]: bad option at line 2 of /etc/ITUS_DNS.txt
Sun Feb  9 03:56:39 2020 daemon.crit dnsmasq[15901]: FAILED to start up
Sun Feb  9 03:56:39 2020 daemon.info procd: Instance dnsmasq::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
Sun Feb  9 03:56:39 2020 daemon.notice snort[15902]: Enabling inline operation
Sun Feb  9 03:56:39 2020 daemon.notice snort[15902]: Found pid path directive (/var/snort/)
Sun Feb  9 03:56:39 2020 daemon.notice snort[15902]: Running in IDS mode