Re: Classtype Map Error

["Al Lewis \(allewi\) via Snort-users" <snort-users () lists snort org>]

Hello,

Where is the include for the file set to point to within your config file?

What is the class type you are using?


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Snort-users <snort-users-bounces () lists snort org> on behalf of Sujit Ghosal via Snort-users <snort-users () 
lists snort org>
Reply-To: Sujit Ghosal <thesujit () gmail com>
Date: Tuesday, May 15, 2018 at 10:51 AM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] Classtype Map Error

Hey All,
    I've installed snort v2.9.11.1 (source installation) on my Ubuntu box and it got through successfully without any 
errors. Now I placed some custom rules inside "/etc/snort/rules/custom.rules" and placed some valid rules into it. And 
I've "only" enabled custom.rules and disabled the rest.

Now when I try to validate (#snort -c /etc/snort/snort.conf -T --daq dump) whether snort is unable to compile my rules 
and it throws an error saying:
ERROR: /etc/snort/rules/custom.rules(2) Unknown ClassType: attempted-user

NOTE: I am quite sure that I've placed classification.config and reference.config inside /etc/snort (chmod explicitly 
to 777 as well for both the files). Wandering why it still throws, "unknown classtype". But when I remove the classtype 
parameter from those rules it all works fine without any error.

Any idea where things might be going wrong?


Regards,
Sujit




_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette