Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Having trouble editing the configuration file for Windows

From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 24 Jul 2014 15:20:29 -0400
On 7/24/2014 12:39 PM, Trevor Thompson wrote:

Through following the advice given by Michael I the first error that inquired
about, but I am now encountering a new type of error.

"ERROR: C:\snort\rules\file-identify.rules(22) Unknown ClassType: misc-activity"


is your classification.conf in the proper directory? is it the proper one to be 
being loaded by snort via your snort.conf file?

the point of the questions is that the one you posted seems to be correct but 
snort may be loading a different one...

i ran into a situation on a machine the other day where it was looking for 
classification.conf and reference.conf in the rules directory... the problem 
reared its head when a different rule set was loaded that included those files 
and overwrote the ones that were there previously with ones that were missing 
some of the entries... our solution was to force snort to use ones in a specific 
directory where they would not be overwritten by those in rules set archives... 
we also developed a quick update script that merged the various ones into the 
master ones now being referenced in snort.conf...

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: