Snort mailing list archives

Re: Snort Start up error

From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 18 Apr 2013 18:13:44 -0400

On 4/18/2013 17:38, Said Nurhussein wrote:

thanks Waldo. I have classification.config in /etc/snort.conf from the install
but don't see version# when I display it.


there is no version number in the classification.config file that i'm aware of...

the file should be just over 3K bytes in size and contain roughly 70 lines... 
one of those lines should contain the misc-activity classification entry... the 
entry you are looking for will likely be toward the bottom in the "# NEW 
CLASSIFICATIONS" section...

 > Date: Thu, 18 Apr 2013 13:18:16 -0400
 > From: wkitty42 () windstream net
 > To: snort-users () lists sourceforge net
 > Subject: Re: [Snort-users] Snort Start up error
 >
 > On 4/18/2013 11:23, Said Nurhussein wrote:
 > > Hello All,
 > > I've installed snort 2.9.4. 5 and using rules files
snortrules-snapshot-2941.tar.gz
 > > but when i try to start snort I get the following error.
 > >
 > > ERROR: /etc/snort/rules/blacklist.rules(2) Unknown ClassType: misc-activity
 > > Fatal Error, Quitting..
 > >
 > > How can I fix this.
 >
 > check that your classification.config is the latest one... you can find the
 > location of this file by its include line in yor snort.conf file... it is
 > generally found at the end of the section above your rules inclusion

section...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort Start up error Said Nurhussein (Apr 18)
- Re: Snort Start up error waldo kitty (Apr 18)
  - Message not available
    - Re: Snort Start up error waldo kitty (Apr 18)
    - Re: Snort Start up error beenph (Apr 18)
    - Re: Snort Start up error Joel Esler (Apr 18)
  - Message not available
    - Message not available
    - Message not available
    - Re: Snort Start up error waldo kitty (Apr 18)
    - Re: Snort Start up error Said Nurhussein (Apr 18)
    - Re: Snort Start up error waldo kitty (Apr 18)
    - Re: Snort Start up error Said Nurhussein (Apr 18)
    - Re: Snort Start up error waldo kitty (Apr 19)
- Snort not seeing IP-traffic, just Ether/Other Kim.Halavakoski () Crosskey fi (Apr 18)
  - Re: Snort not seeing IP-traffic, just Ether/Other Glenn Geller (Apr 18)
  - Re: Snort not seeing IP-traffic, just Ether/Other James Lay (Apr 18)

(Thread continues...)