Re: Having trouble editing the configuration file for Windows

[Trevor Thompson <trevthom18 () gmail com>]

I believe the classification.conf file is in the proper directory here are
the lines in the snort.conf file that reference it:

include C:\snort\etc\classification.config
include C:\snort\etc\reference.config

I also searched the entire contents of the Snort directory installed on the
C drive and could only find the classification file within the etc
directory at the exact path that the snort.conf file says that I should
look for.


On Thu, Jul 24, 2014 at 3:20 PM, waldo kitty <wkitty42 () windstream net>
wrote:

> On 7/24/2014 12:39 PM, Trevor Thompson wrote:
> > Through following the advice given by Michael I the first error that
> inquired
> > about, but I am now encountering a new type of error.
> >
> > "ERROR: C:\snort\rules\file-identify.rules(22) Unknown ClassType:
> misc-activity"
>
> is your classification.conf in the proper directory? is it the proper one
> to be
> being loaded by snort via your snort.conf file?
>
> the point of the questions is that the one you posted seems to be correct
> but
> snort may be loading a different one...
>
> i ran into a situation on a machine the other day where it was looking for
> classification.conf and reference.conf in the rules directory... the
> problem
> reared its head when a different rule set was loaded that included those
> files
> and overwrote the ones that were there previously with ones that were
> missing
> some of the entries... our solution was to force snort to use ones in a
> specific
> directory where they would not be overwritten by those in rules set
> archives...
> we also developed a quick update script that merged the various ones into
> the
> master ones now being referenced in snort.conf...
>
> --
>   NOTE: No off-list assistance is given without prior approval.
>         Please *keep mailing list traffic on the list* unless
>         private contact is specifically requested and granted.
>
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!