Snort mailing list archives
RE: Unknown rule type
From: "Michael Steele" <michaels () winsnort com>
Date: Wed, 25 Aug 2004 15:21:55 -0700
Go down to line 116 in your snort.conf and hash it out and the error will go away. There is a problem with that rule set and should be repaired.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael.Spotz () usdoj gov
Sent: Wednesday, August 25, 2004 12:31 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Unknown rule type

I would appreciate whatever help anyone can offer.

I've installed Snort on a unix box running Solaris 8. When I run the following command (as root):

    /usr/local/bin/snort -A fast -c /usr/local/snort/etc/snort.conf

I get the following messages:

    Running in IDS mode
    Log directory = /var/log/snort
    Initializing Network Interface hme0
    --== Initializing Snort ==--
    Initializing Output Plugins!
    Decoding Ethernet on interface hme0
    Initializing Preprocessors!
    Initializing Plug-ins!
    Parsing Rules file /usr/local/snort/etc/snort.conf
    +++++++++++++++++++++++++++++++++++++++++++++++++++
    Initializing rule chains...
    ERROR: /usr/local/snort/etc/snort.conf(116) => Unknown rule type: Stop
    Fatal Error, Quitting.

Initially, I thought the 116 was a Snort sid for BACKDOOR BackOrifice access, but the snort.conf file disables backdoor rulesets, and I deleted the backdoor.rules file from the rules directory.

How nice it would be if I could determine specifically what "Unknown rule type" refers to.

Thanks in advance for any help.

Mike Spotz<mailto:(michael.spotz () usdoj gov)>

-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
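
Added example (not part of the thread and not Snort project code): a small shell helper that takes the error text quoted above, pulls out the file and the number in parentheses, and shows what sits on that line of the config, since the number is a line number in snort.conf rather than a sid. The keyword list, the function names and the 117-line sample config are assumptions constructed for the demonstration; the poster's actual line 116 is not shown in the thread.

```shell
#!/bin/sh
# Added example: resolve a Snort "ERROR: <file>(<N>) => ..." message to the
# config line it names. (N) is a line number in <file>, not a rule sid.

# Line-leading keywords common in Snort 2.x configs (assumed, not exhaustive).
KNOWN='alert log pass activate dynamic var include preprocessor output config ruletype'

# Extract the file path / line number from one Snort parser error line.
error_file() { printf '%s\n' "$1" | sed -n 's/^ERROR: \(.*\)([0-9][0-9]*) => .*$/\1/p'; }
error_line() { printf '%s\n' "$1" | sed -n 's/^ERROR: .*(\([0-9][0-9]*\)) => .*$/\1/p'; }

# classify_line FILE N -> blank | comment | known:<kw> | unknown:<token>
classify_line() {
    tok=$(sed -n "${2}p" "$1" | awk '{print $1}')
    low=$(printf '%s' "$tok" | tr '[:upper:]' '[:lower:]')
    case "$tok" in
        '')   echo blank; return ;;
        '#'*) echo comment; return ;;
    esac
    for k in $KNOWN; do
        if [ "$low" = "$k" ]; then echo "known:$k"; return; fi
    done
    echo "unknown:$tok"
}

# show_context FILE N: print lines N-2..N+2, marking line N with '>'.
show_context() {
    awk -v n="$2" 'NR>=n-2 && NR<=n+2 { printf "%s%5d: %s\n", (NR==n ? ">" : " "), NR, $0 }' "$1"
}

# make_sample FILE: constructed 117-line config; line 116 holds stray text.
make_sample() {
    awk 'BEGIN { for (i = 1; i <= 115; i++) print "# constructed padding line " i }' > "$1"
    echo 'Stop constructed stray text (not from the thread)' >> "$1"
    echo 'include $RULE_PATH/local.rules' >> "$1"
}

# Demo: the error text is the one quoted in the thread; the file is the sample.
ERR='ERROR: /usr/local/snort/etc/snort.conf(116) => Unknown rule type: Stop'
SAMPLE="${TMPDIR:-/tmp}/snort_sample_$$.conf"
make_sample "$SAMPLE"
n=$(error_line "$ERR")
echo "Snort reports $(error_file "$ERR") line $n: $(classify_line "$SAMPLE" "$n")"
show_context "$SAMPLE" "$n"
rm -f "$SAMPLE"
```

Against a real installation, pass the path from error_file instead of the sample file; the marked line is the one to repair or comment out.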