Snort mailing list archives
Snort 2.3.0 and p2p rules question
From: A Bose <abose () engin umich edu>
Date: Fri, 25 Feb 2005 13:12:45 -0500
Hello,

I am trying to play back a tcpdump/libpcap trace using the p2p.rules but getting an error. I modified /etc/snort/snort.conf and put in a line:

## include somefile.rules
include /etc/snort/rules/p2p.rules

In my case, both HOME_NET and EXTERNAL_NET are set to "any". When I do the following:

$ snort -dvr file.pcap -c /etc/snort/snort.conf

I get an error:

Running in IDS mode
TCPDUMP file reading mode.
Reading network traffic from "file.pcap" file.
snaplen = 100
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: /etc/snort/rules/p2p.rules(10) => Unknown ClassType: policy-violation
Fatal Error, Quitting..

Can someone please tell me what I am doing wrong? I am a *very* new user of snort (and that may be just the problem!)
Thanks!

Abhijit Bose
University of Michigan
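An added example, not part of the original post or of Snort itself: a pre-flight check for the condition the error above reports, a rule whose classtype has no `config classification:` line defined before the rule is parsed. The file names and contents are constructed samples, and the check assumes the configuration is read top to bottom with each `include` followed in order.

```python
import re

# Constructed sample files, keyed by path (not taken from the original post).
FILES = {
    "snort.conf": (
        "var HOME_NET any\n"
        "var EXTERNAL_NET any\n"
        "# include classification.config\n"
        "include p2p.rules\n"
    ),
    "classification.config": (
        "config classification: policy-violation,Potential Corporate Privacy Violation,1\n"
    ),
    "p2p.rules": (
        "# constructed sample rule\n"
        'alert tcp $HOME_NET any -> $EXTERNAL_NET 6699 (msg:"P2P sample"; '
        "classtype:policy-violation; sid:1000001; rev:1;)\n"
    ),
}

CLASS_DEF = re.compile(r"^\s*config\s+classification:\s*([^,\s]+)\s*,")
INCLUDE = re.compile(r"^\s*include\s+(\S+)")
CLASS_USE = re.compile(r"\bclasstype\s*:\s*([^;\s]+)\s*;")

def check(path, files, defined=None, findings=None):
    """Walk a config top to bottom, following includes in order, and record
    (file, line, classtype) for each classtype used before it is defined."""
    defined = set() if defined is None else defined
    findings = [] if findings is None else findings
    for lineno, line in enumerate(files[path].splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out lines define and include nothing
        m = CLASS_DEF.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = INCLUDE.match(line)
        if m:
            if m.group(1) in files:  # includes missing from the sample set are skipped
                check(m.group(1), files, defined, findings)
            continue
        for name in CLASS_USE.findall(line):
            if name not in defined:
                findings.append((path, lineno, name))
    return findings

if __name__ == "__main__":
    for path, lineno, name in check("snort.conf", FILES):
        print(f"{path}({lineno}) => undefined classtype: {name}")
```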
Current thread:
- Snort 2.3.0 and p2p rules question A Bose (Mar 02)
- Re: Snort 2.3.0 and p2p rules question Edin Dizdarevic (Mar 02)