Home page logo

snort logo Snort mailing list archives

Possible Snort Bug
From: "Dan Garbar" <dgarbar () americanbeef com>
Date: Tue, 16 Apr 2013 11:50:25 -0700

Hi all,


I'm a novice, but have found a solution and want to share it with everyone.


If someone has any idea how this may have happened, I would gladly like to
hear it.



I'm using Snort Ver. pkg v. 2.5.5 Built from source


I was getting the following error:


snort[41480]: FATAL ERROR:
/usr/local/etc/snort/snort_7455_em2/preproc_rules/decoder.rules(1) Unknown
ClassType: protocol-command-decode


After working with Joel Esler (Senior Research Engineer, VRT / OpenSource
Community Manager at Sourcefire) who has asked the right questions, I was
able to determine that the following files were empty:





So Snort was unable to decode a rule and thus gave me the above error.


To fix this I copied the contents from 

/usr/local/etc/snort/classification.config to



Started Snort and it worked!


Please note, I have not been modifying any files before this. This is my
first time in that area. So this empty file business must be either update
related or something else - This I'd like to know.


Thanks all.



IT Administrator - Dano















NOTE: The information contained in this communication is the property of
American Beef Processors of Oregon, LLC and is privileged and confidential
information intended only for the use of the named recipient. If the reader
of this message is not the named recipient, any use, distribution or copying
of this communication is prohibited. If you have received this communication
in error, please notify us immediately by telephone and destroy the original
message from your electronic files.


Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
Snort-devel mailing list
Snort-devel () lists sourceforge net

Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
  • Possible Snort Bug Dan Garbar (Apr 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]