Re: Unknown ClassType: protocol-command-decode

[Y M <snort () outlook com>]

Glad that you solved the issue, good catch. You may want to refer to

http://www.snort.org/vrt/snort-conf-configurations/

For future reference. These are updated continuously when necessary which you may not have in your local tarball.

Thanks.
________________________________
From: Avery Rozar<mailto:Avery.Rozar () i-techsupport com>
Sent: ‎8/‎13/‎2013 9:25 PM
To: Y M<mailto:snort () outlook com>; snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Unknown ClassType: protocol-command-decode

All, I found the issue. My classification.config was jacked up, not sure how it happened. I copied a new one from the 
/src folder I installed everything from.

Thank you,
Avery

From: Y M <snort () outlook com<mailto:snort () outlook com>>
Date: Tuesday, August 13, 2013 2:12 PM
To: Avery Rozar <Avery.Rozar () i-techsupport com<mailto:Avery.Rozar () i-techsupport com>>, "snort-users () lists 
sourceforge net<mailto:snort-users () lists sourceforge net>" <snort-users () lists sourceforge net<mailto:snort-users 
() lists sourceforge net>>
Subject: RE: [Snort-users] Unknown ClassType: protocol-command-decode

Can you please post the rule that is causing the error? Probably starting at line 8 in your snort.conf. Also post the 
rule before and the one after.


> From: Avery.Rozar () i-techsupport com<mailto:Avery.Rozar () i-techsupport com>
> To: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
> Date: Tue, 13 Aug 2013 17:55:44 +0000
> Subject: [Snort-users] Unknown ClassType: protocol-command-decode
>
> I just installed Snort 2.9.5.3. Ran pulled pork with "snort_version=2.9.5.3".
>
> When I try starting snort, it errors out. Below is the error. At first I was thinking maybe I uploaded the wrong 
> rules, but the config looks good.
>
> Initializing rule chains...
> ERROR: /etc/snort/rules/snort.rules(8) Unknown ClassType: protocol-command-decode
> Fatal Error, Quitting..
>
> ,,_ -*> Snort! <*-
> o" )~ Version 2.9.5.3 GRE (Build 132)
> '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
> Copyright (C) 1998-2013 Sourcefire, Inc., et al.
> Using libpcap version 1.0.0
> Using PCRE version: 7.8 2008-09-05
> Using ZLIB version: 1.2.3
>
>
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!