Snort mailing list archives
Re: Having trouble editing the configuration file for Windows
From: Trevor Thompson <trevthom18 () gmail com>
Date: Thu, 24 Jul 2014 12:39:42 -0400
Through following the advice given by Michael I resolved the first error that I inquired about, but I am now encountering a new type of error.

"ERROR: C:\snort\rules\file-identify.rules(22) Unknown ClassType: misc-activity"

I've done some googling to see exactly what the problem is, but I cannot seem to find someone who has encountered the exact error that I'm facing now. This link describes a similar situation and recommends that the cause of the problem is the classification.config file:

http://comments.gmane.org/gmane.comp.security.ids.snort.general/43598

However, I examined the contents of this file and couldn't find any problems with it. I'll post the file so you all can see it.

config classification: shellcode-detect,Executable Code was Detected,1
config classification: string-detect,A Suspicious String was Detected,3
config classification: suspicious-filename-detect,A Suspicious Filename was Detected,2
config classification: suspicious-login,An Attempted Login Using a Suspicious Username was Detected,2
config classification: system-call-detect,A System Call was Detected,2
config classification: tcp-connection,A TCP Connection was Detected,4
config classification: trojan-activity,A Network Trojan was Detected, 1
config classification: unusual-client-port-connection,A Client was Using an Unusual Port,2
config classification: network-scan,Detection of a Network Scan,3
config classification: denial-of-service,Detection of a Denial of Service Attack,2
config classification: non-standard-protocol,Detection of a Non-Standard Protocol or Event,2
config classification: protocol-command-decode,Generic Protocol Command Decode,3
config classification: web-application-activity,Access to a Potentially Vulnerable Web Application,2
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: misc-attack,Misc Attack,2
config classification: icmp-event,Generic ICMP event,3
config classification: inappropriate-content,Inappropriate Content was Detected,1
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: default-login-attempt,Attempt to Login By a Default Username and Password,2
config classification: sdf,Sensitive Data was Transmitted Across the Network,2
config classification: file-format,Known malicious file or file based exploit,1
config classification: malware-cnc,Known malware command and control traffic,1
config classification: client-side-exploit,Known client side exploit attempt,1

Again, any help you all can provide would be appreciated.

On Wed, Jul 23, 2014 at 7:12 PM, waldo kitty <wkitty42 () windstream net> wrote:
> On 7/23/2014 5:13 PM, Trevor Thompson wrote:
>> # path to dynamic preprocessor libraries
>> dynamicpreprocessor directory C:\Snort\lib\snort_dynamicpreprocessor\sf_dcerpc.dll
>> # path to base preprocessor engine
>> dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll
>> # path to dynamic rules libraries
>> dynamicdetection directory C:\Snort\lib\snort_dynamicengine\sf_engine.dll
>>
>> "ERROR: c:\snort\etc\snort.conf(243) Could not stat dynamic module path "C:\Snort\lib\snort\dynamic_ preprocessor\sf_dcerpc.dll": No such file or directory"
>
> the error seems to be pretty straightforward... does sf_dcerpc.dll exist in the named directory?? did you move it to the new directory from where it originally exists when you changed the path?
>
>> I've been following a tutorial that told me to change the paths to the different dynamic library files in this manner, but the program still will not compile correctly.
>
> compiling is a lot different than running... you can tell snort where to find the above files in the snort.conf so compiling shouldn't be part of the problem in this case...
>
> --
> NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
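One check worth running for the "Unknown ClassType" error in the message above, as an added example that is not part of the original thread: it confirms that every `classtype` used by a rule has a `config classification:` definition actually reachable from snort.conf through active `include` lines. The file names and contents in `SAMPLE` are constructed for illustration, and only plain `var` substitution is handled.

```python
import re

CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),[^,]*,\s*(\d+)\s*$")
TYPE_RE = re.compile(r"\bclasstype\s*:\s*([\w-]+)\s*;")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)")

# Constructed sample files (not the poster's real configuration).
SAMPLE = {
    "snort.conf": r"""var RULE_PATH C:\snort\rules
# include classification.config
include $RULE_PATH\file-identify.rules
""",
    "classification.config": """config classification: misc-activity,Misc activity,3
config classification: trojan-activity,A Network Trojan was Detected, 1
""",
    r"C:\snort\rules\file-identify.rules":
        'alert tcp any any -> any any (msg:"constructed"; classtype:misc-activity; sid:1000001;)\n',
}


def load(path, files, variables, known, used):
    """Read one file and follow its includes, collecting definitions and uses."""
    for lineno, line in enumerate(files[path].splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # a commented-out include or classification loads nothing
        if m := VAR_RE.match(line):
            variables[m.group(1)] = m.group(2)
        elif m := CLASS_RE.match(line):
            known[m.group(1).strip()] = int(m.group(2))
        elif m := INCLUDE_RE.match(line):
            # Expand $NAME with a callable so backslashes in paths stay literal.
            target = re.sub(r"\$(\w+)", lambda v: variables.get(v.group(1), v.group(0)), m.group(1))
            if target in files:
                load(target, files, variables, known, used)
        elif m := TYPE_RE.search(line):
            used.append((path, lineno, m.group(1)))


def unknown_classtypes(files, root="snort.conf"):
    """Return (file, line, classtype) for rules whose classtype was never defined."""
    known, used = {}, []
    load(root, files, {}, known, used)
    return [(p, n, c) for p, n, c in used if c not in known]


if __name__ == "__main__":
    for path, lineno, name in unknown_classtypes(SAMPLE):
        print(f"{path}({lineno}) Unknown ClassType: {name}")
```

To run it against a real install, build the `files` dictionary by reading snort.conf and each file it includes from disk, keyed by the path as written in the `include` line.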
Current thread:
- Having trouble editing the configuration file for Windows Trevor Thompson (Jul 23)
- Re: Having trouble editing the configuration file for Windows Michael Steele (Jul 23)
- Re: Having trouble editing the configuration file for Windows waldo kitty (Jul 23)
- Re: Having trouble editing the configuration file for Windows Trevor Thompson (Jul 24)
- Re: Having trouble editing the configuration file for Windows waldo kitty (Jul 24)
- Re: Having trouble editing the configuration file for Windows Trevor Thompson (Jul 24)
- Re: Having trouble editing the configuration file for Windows waldo kitty (Jul 25)
- Re: Having trouble editing the configuration file for Windows Trevor Thompson (Jul 25)
- Re: Having trouble editing the configuration file for Windows Trevor Thompson (Jul 24)