mailing list archives
Re: Snort Start up error
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 18 Apr 2013 18:35:24 -0400
On Thu, Apr 18, 2013 at 06:25:18PM -0400, beenph wrote:
On Thu, Apr 18, 2013 at 6:13 PM, waldo kitty <wkitty42 () windstream net> wrote:
On 4/18/2013 17:38, Said Nurhussein wrote:
thanks Waldo. I have classification.config in /etc/snort.conf from the install
but don't see version# when I display it.
there is no version number in the classification.config file that i'm aware of...
the file should be just over 3K bytes in size and contain roughly 70 lines...
one of those lines should contain the misc-activity classification entry... the
entry you are looking for will likely be toward the bottom in the "# NEW
> Date: Thu, 18 Apr 2013 13:18:16 -0400
> From: wkitty42 () windstream net
> To: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Snort Start up error
> On 4/18/2013 11:23, Said Nurhussein wrote:
> > Hello All,
> > I've installed snort 2.9.4. 5 and using rules files
> > but when i try to start snort I get the following error.
> > ERROR: /etc/snort/rules/blacklist.rules(2) Unknown ClassType: misc-activity
> > Fatal Error, Quitting..
> > How can I fix this.
You can get updated classification.config here
This should fix your issue.
Have to make sure that your include statement is correct as well, make sure that you are pointing to the right
classification.config in your Snort.conf
Senior Research Engineer, VRT
OpenSource Community Manager
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Snort not seeing IP-traffic, just Ether/Other Kim.Halavakoski () Crosskey fi (Apr 18)