Hi All,

I am working on a NIDS. In it I want to compare Snort's rules with incoming packets; for that, the Snort rules and packets are parsed into the Jess format.

But when loading the rules file and the packet file I got the following error:

Jess reported an error in routine Jesp.parseDefrule
while executing (batch "C:/Jess70p2/Jess70p2/bin/all_rules.clp").
Message: Expected '=>' at token 'backdoor.rules'.
Program text: ( batch "C:/Jess70p2/Jess70p2/bin/all_rules.clp" ) at line 1.
at jess.Jesp.error(Unknown Source)
at jess.Jesp.parseDefrule(Unknown Source)
at jess.Jesp.parseExpression(Unknown Source)
at jess.Jesp.promptAndParseOneExpression(Unknown Source)

and the code for this:

Rete engine = new Rete();
// Batch the rule file (defrules) first, then load the facts file, then run the engine.
// executeCommand() and run() both throw jess.JessException, which the caller must catch or declare.
engine.executeCommand("(batch \"C:/Jess70p2/Jess70p2/bin/all_rules.clp\")");
engine.executeCommand("(load-facts \"C:/Jess70p2/Jess70p2/bin/jess_facts.bat\")");
engine.run();

Following is the Jess format of the rule and packet:

Rule:
(defrule Rule19 backdoor.rules (packet (protocol tcp) (source_ipaddr $HOME_NET) (source_port 2000) (direction ->) (destination_ipaddr $EXTERNAL_NET ) (destination_port any) (content Insane Network vs 4.0 by Suid Flow|0A 0D|www.blackcode.com|0A 0D|[r00t]|23|) (ID 3015 ) )=> (printout t Alert, BACKDOOR Insane Network 4.0 connection established crlf))

and the packet converted into Jess:

(deftemplate packet “A Network Packet” (slot /192.168.2.4 )(slot 59235 )(slot -> )(slot /239.255.255.250)(slot 1900)(slot UDP )(slot 128)(slot 0 )(slot 2166 )(slot null )(slot 175 )(slot null )(slot null )(slot [B@10bc995 )
:
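Added example, not code from the original post or from the Jess distribution: a small Python converter that emits the constructs a Jess rule file and fact file are made of, in the shape Jess parses. A defrule has the form `(defrule name "optional comment" pattern* => action*)`, so a bare token such as a file name placed after the rule name is neither a comment string nor a pattern, and the parser stops at that token; text values belong in double-quoted strings; a deftemplate names its slots once, and the per-packet values go into facts. The converter quotes every string, maps Snort's `any` to an unconstrained variable and `$HOME_NET`-style variables to Jess defglobals (`?*HOME_NET*`), and renders both the rule's `content` and the packet payload in one canonical `|HH|` notation so the `str-index` substring test compares like with like. The sample Snort rule, the sample packet, the slot names and the placeholder addresses are constructed for this example.

```python
# Added example: renders Snort rules and captured packets as well-formed Jess constructs.
# The sample rule, sample packet and placeholder addresses below are constructed for this demo.
import re

# Constructed sample (not copied from any ruleset), carrying the fields of the post's Rule19.
SAMPLE_SNORT_RULE = (
    'alert tcp $HOME_NET 2000 -> $EXTERNAL_NET any '
    '(msg:"BACKDOOR Insane Network 4.0 connection established"; '
    'content:"Insane Network vs 4.0 by Suid Flow|0A 0D|www.blackcode.com|0A 0D|[r00t]|23|"; '
    'sid:3015;)'
)
# Constructed sample packet, modelled on the values in the post's deftemplate.
SAMPLE_PACKET = {
    "protocol": "udp", "source_ipaddr": "192.168.2.4", "source_port": 59235,
    "destination_ipaddr": "239.255.255.250", "destination_port": 1900,
    "payload": b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n",
}
HEADER_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<protocol>\w+)\s+(?P<source_ipaddr>\S+)\s+(?P<source_port>\S+)\s+'
    r'(?P<direction>->|<>)\s+(?P<destination_ipaddr>\S+)\s+(?P<destination_port>\S+)\s*'
    r'\((?P<options>.*)\)\s*$')
OPTION_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*);')
# The template declares slot NAMES once; the per-packet values belong in facts.
PACKET_TEMPLATE = (
    '(deftemplate packet "A network packet"\n'
    '  (slot protocol) (slot source_ipaddr) (slot source_port) (slot direction)\n'
    '  (slot destination_ipaddr) (slot destination_port) (slot content))')


def parse_snort_rule(line):
    """Split a one-line Snort rule into header fields plus an options dict."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not a Snort rule: %r" % line)
    rule = m.groupdict()
    rule["options"] = {k: v.strip('"') for k, v in OPTION_RE.findall(rule.pop("options"))}
    return rule


def jess_string(text):
    """Quote text as a Jess string literal, escaping backslash and double quote."""
    return '"' + text.replace('\\', '\\\\').replace('"', '\\"') + '"'


def snort_content_to_bytes(content):
    """Decode Snort content: text outside |...| is literal, inside it are hex bytes."""
    out = bytearray()
    for i, part in enumerate(content.split('|')):
        out.extend(bytes.fromhex(part.replace(' ', '')) if i % 2 else part.encode('latin-1'))
    return bytes(out)


def bytes_to_snort_notation(data):
    """Render bytes in Snort notation: printable ASCII literally, the rest as |HH HH| groups."""
    out, hexrun = [], []
    for b in data:
        if 0x20 <= b < 0x7F and b != 0x7C:  # 0x7C is '|', which cannot appear literally
            if hexrun:
                out.append('|' + ' '.join(hexrun) + '|')
                hexrun = []
            out.append(chr(b))
        else:
            hexrun.append('%02X' % b)
    if hexrun:
        out.append('|' + ' '.join(hexrun) + '|')
    return ''.join(out)


def slot_constraint(slot, value):
    """One header field as a Jess slot pattern: 'any' is unconstrained, $VAR becomes the
    global ?*VAR* tested with eq, numbers stay bare, everything else is a quoted string."""
    var = "?" + slot
    if value == "any":
        return "(%s %s)" % (slot, var)
    if value.startswith("$"):
        return "(%s %s&:(eq %s ?*%s*))" % (slot, var, var, value[1:])
    return "(%s %s)" % (slot, value if value.isdigit() else jess_string(value))


def to_jess_defrule(rule, name):
    """A complete defrule: name, quoted doc-comment, one packet pattern, '=>', one action."""
    parts = ["(protocol %s)" % rule["protocol"].lower(), "(direction %s)" % jess_string(rule["direction"])]
    parts += [slot_constraint(s, rule[s]) for s in
              ("source_ipaddr", "source_port", "destination_ipaddr", "destination_port")]
    opts = rule["options"]
    if "content" in opts:  # str-index returns the position or FALSE, i.e. a substring test
        needle = bytes_to_snort_notation(snort_content_to_bytes(opts["content"]))
        parts.append("(content ?content&:(str-index %s ?content))" % jess_string(needle))
    return "(defrule %s %s\n  (packet %s)\n  =>\n  (printout t %s crlf))" % (
        name, jess_string("sid " + opts.get("sid", "unknown")), " ".join(parts),
        jess_string("ALERT " + opts.get("msg", "")))


def to_jess_defglobals(values):
    """defglobals for the Snort variables the rules reference; batch these before the rules."""
    return "\n".join("(defglobal ?*%s* = %s)" % (n, jess_string(v)) for n, v in sorted(values.items()))


def packet_to_jess_fact(pkt, direction="->"):
    """One fact in the form load-facts reads, with the payload in Snort notation."""
    return ("(packet (protocol %s) (source_ipaddr %s) (source_port %d) (direction %s) "
            "(destination_ipaddr %s) (destination_port %d) (content %s))" % (
                pkt["protocol"].lower(), jess_string(pkt["source_ipaddr"]), pkt["source_port"],
                jess_string(direction), jess_string(pkt["destination_ipaddr"]),
                pkt["destination_port"], jess_string(bytes_to_snort_notation(pkt["payload"]))))
```

Write the output of `to_jess_defglobals(...)` (with the placeholder addresses of your choice), `PACKET_TEMPLATE` and each `to_jess_defrule(...)` into the file that `batch` loads, in that order, and one `packet_to_jess_fact(...)` line per packet into the file that `load-facts` reads; both files then consist only of balanced, fully quoted Jess forms.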