Re: Snort Start up error

[waldo kitty <wkitty42 () windstream net>]

On 4/18/2013 23:13, Said Nurhussein wrote:
> include /etc/snort/classification.config

ok...

this earlier statement (below) of yours confuses me... i can't tell if it is the 
directory you are speaking of or the entry in the snort.conf...

> thanks Waldo.  I have classification.config in /etc/snort.conf from the
> install but don't see version# when I display it.

so, does the file specifically reside in /etc/ or in /etc/snort/ ??

> Btw, I'm doing this on Fedora 16 but used the instructions to install on this
> website
> http://www.pacificsimplicity.ca/node/95

ok... i'm suspecting a typo somewhere and that the file is not where the config 
is pointing to or the config that is being used is not the proper one...

1. make sure there is only one classification.config on your system
2. make sure that it resides in /etc/snort/
3. make sure that it is up to date
4. make sure that snort.conf points to the file in /etc/snort/



> Said Nurhussein
>
>
>  > Date: Thu, 18 Apr 2013 22:38:26 -0400
>  > From: wkitty42 () windstream net
>  > To: snort-users () lists sourceforge net
>  > Subject: Re: [Snort-users] Snort Start up error
>  >
>  > On 4/18/2013 20:27, Said Nurhussein wrote:
>  > > my command
>  > > # snort -T -c /etc/snort/snort.conf
>  >
>  > that would seem to explicitly use the snort.conf you are expecting it to use...
>  > what does the include line for classification.config look like in that conf?
>  >
>  > > sorry for not responding to the mailing list
>  >
>  > no problem... thank you for understanding... i used to simply not respond or if
>  > i did, i'd say to post on the list... i've now gotten my sigs figured out so i
>  > shouldn't need to do that any more... now i'll just respond to the list with the
>  > followup set to the list as well :)
>  >
>  > > Said Nurhussein
>  > >
>  > >
>  > > > Date: Thu, 18 Apr 2013 20:05:48 -0400
>  > > > From: wkitty42 () windstream net
>  > > > To: snort-users () lists sourceforge net
>  > > > CC: saidnur34 () hotmail com
>  > > > Subject: Re: [Snort-users] Snort Start up error
>  > > >
>  > > > On 4/18/2013 18:31, Said Nurhussein wrote:
>  > > > > the following line is in the classification.config file
>  > > > > config classification: misc-activity,Misc activity,3
>  > > >
>  > > > that is the correct line...
>  > > >
>  > > > > Could this error be due to not having the latest rules-set?
>  > > >
>  > > > no... the error is because your snort is not loading the proper file... i
>  > > > pointed you to your snort.conf file to see what file it is loading ;)
>  > > >
>  > > > are you sure your snort is loading the proper snort.conf file? what is your
>  > > > snort command line?
>  > > >
>  > > > also, please read my sig and follow its instructions... others cannot
> learn and
>  > > > fix their same or similar problem when traffic is taken private in cases like
>  > > > this...
>  > > >
>  > > > i've added the list back into this reply... thanks!

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!