There is an error in /etc/snort/rules/web-misc.rules, line 452 Jun 5 16:49:26 s363 snort[5100]: FATAL ERROR: ERROR /etc/snort/rules/web-misc.rules Line 452 => unable to parse pcre regex "fn=Eye\d{4}_\d{2}.log/Rmsi" After removing the line, it works. No emerge --info needed.
Mine loads. No commenting out. It seems that more data is needed. That or close this bug. (In reply to comment #0) > There is an error in /etc/snort/rules/web-misc.rules, line 452 > > Jun 5 16:49:26 s363 snort[5100]: FATAL ERROR: ERROR > /etc/snort/rules/web-misc.rules Line 452 => unable to parse pcre regex > "fn=Eye\d{4}_\d{2}.log/Rmsi" > > After removing the line, it works. > > No emerge --info needed. >
It's still there, if you use /etc/snort/snort.conf.distrib.
There is a new ebuild for snort-2.8.4 at the following bug... bug#266288 This ebuild resolves this issue. Make sure you update your rules.
Still an issue with 2.8.4-r1 ?
