Snort mailing list archives

RE: Unknown rule type


From: "Truax, Shawn (MBS)" <Shawn.Truax () mbs gov on ca>
Date: Wed, 25 Aug 2004 16:26:37 -0400

Hi Michael,

The 116 refers to the line number of the snort.conf the error is on.  Open
snort.conf in your favourite editor and go down to line 116.  Check and see
if there are any linefeeds or carriage returns, extra characters, missing
characters, etc.  If you still can't see the problem post a copy of your
snort.conf from the 116 line area.  Say 5 lines above and below for everyone
to take a look at.  Usually these are some sort of typo or formatting error.

Shawn Truax
Sr. Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario
M5H 3B7
(416)327-1107


-----Original Message-----
From: Michael.Spotz () usdoj gov [mailto:Michael.Spotz () usdoj gov]
Sent: August 25, 2004 3:31 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Unknown rule type


I would appreciate whatever help anyone can offer.  I've installed Snort on
a unix box running Solaris 8. When I run the following command (as root):

/usr/local/bin/snort -A fast -c /usr/local/snort/etc/snort.conf

I get the following messages:

Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface hme0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface hme0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /usr/local/snort/etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: /usr/local/snort/etc/snort.conf(116) => Unknown rule type: Stop
Fatal Error, Quitting.

Initially, I thought the 116 was a Snort sid for BACKDOOR BackOrifice
access, but the snort.conf file disables backdoor rulesets, and I deleted
the backdoor.rules file from the rules directory.  How nice it would be if I
could determine specifically what "Unknown rule type" refers to.

Thanks in advance for any help.

Mike Spotz<mailto:(michael.spotz () usdoj gov)>
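
The check suggested in the reply above (look at the reported line with about five lines on either side, watching for stray carriage returns or extra characters) can be scripted. This is an added example, not part of the thread or of Snort itself; the function names, the constructed sample fragment and the keyword list (core Snort 2.x directives and rule actions) are assumptions of the example.

```shell
# Added example: inspect the line named in a Snort startup error of the
# form  ERROR: <file>(<line>) => <message>

# Print "<file> <line>" extracted from the error text.
parse_snort_error() {
    printf '%s\n' "$1" |
        sed -n 's/^ERROR: \(.*\)(\([0-9][0-9]*\)) => .*$/\1 \2/p'
}

# Print the lines around <line> (default 5 above and below), numbered, with
# the reported line marked ">>". cat -v renders a stray carriage return as ^M.
show_context() {
    sc_start=$(( $2 - ${3:-5} ))
    if [ "$sc_start" -lt 1 ]; then sc_start=1; fi
    awk -v s="$sc_start" -v e="$(( $2 + ${3:-5} ))" -v t="$2" \
        'NR >= s && NR <= e { printf "%s%4d: %s\n", (NR == t ? ">>" : "  "), NR, $0 }' \
        "$1" | cat -v
}

# Classify the first word of <line>. The keyword list is an assumption of
# this example; names declared with "ruletype" and continuation lines after
# a trailing backslash are not handled.
check_first_word() {
    cw=$(sed -n "${2}p" "$1" | tr -d '\r' | awk '{ print $1 }')
    case "$cw" in
        ''|'#'*|include|var|config|preprocessor|output|ruletype) echo ok ;;
        alert|log|pass|activate|dynamic) echo ok ;;
        *) echo "unexpected first word: $cw" ;;
    esac
}

# Write a constructed snort.conf fragment (not the poster's file): line 3 is
# the tail of a comment that wrapped onto its own line, line 4 ends in CR LF.
write_sample() {
    printf '%s\n' '# Constructed sample fragment' \
        '# Uncomment the include below to' \
        'Stop here if you do not need it' > "$1"
    printf 'var HOME_NET any\r\n' >> "$1"
    printf '%s\n' 'include classification.config' >> "$1"
}

# Demo on the constructed sample; substitute the real error line from Snort.
sample=${TMPDIR:-/tmp}/snort.conf.sample.$$
write_sample "$sample"
loc=$(parse_snort_error "ERROR: ${sample}(3) => Unknown rule type: Stop")
show_context "${loc% *}" "${loc##* }" 2
check_first_word "${loc% *}" "${loc##* }"
rm -f "$sample"
```

On the sample, line 3 is reported as "unexpected first word: Stop" and line 4 is shown ending in ^M.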


