Snort mailing list archives

Possible Snort Bug

From: "Dan Garbar" <dgarbar () americanbeef com>
Date: Tue, 16 Apr 2013 11:50:25 -0700

Hi all,

 

I'm a novice, but have found a solution and want to share it with everyone.

 

If someone has any idea how this may have happened, I would gladly like to
hear it.

 

 

I'm using Snort Ver. 2.9.4.1 pkg v. 2.5.5 Built from source

 

I was getting the following error:

 

snort[41480]: FATAL ERROR:
/usr/local/etc/snort/snort_7455_em2/preproc_rules/decoder.rules(1) Unknown
ClassType: protocol-command-decode

 

After working with Joel Esler (Senior Research Engineer, VRT / OpenSource
Community Manager at Sourcefire) who has asked the right questions, I was
able to determine that the following files were empty:

 

/usr/local/etc/snort/snort_7455_em2/classification.config

/usr/local/etc/snort/snort_7455_em2/reference.config

 

So Snort was unable to decode a rule and thus gave me the above error.

 

To fix this I copied the contents from 

/usr/local/etc/snort/classification.config to

/usr/local/etc/snort/snort_7455_em2/classification.config

 

Started Snort and it worked!

 

Please note, I have not been modifying any files before this. This is my
first time in that area. So this empty file business must be either update
related or something else - This I'd like to know.

 

Thanks all.

 

 


IT Administrator - Dano

        

 

 


 

 


 

 


 


 

 

                

 

 

 

NOTE: The information contained in this communication is the property of
American Beef Processors of Oregon, LLC and is privileged and confidential
information intended only for the use of the named recipient. If the reader
of this message is not the named recipient, any use, distribution or copying
of this communication is prohibited. If you have received this communication
in error, please notify us immediately by telephone and destroy the original
message from your electronic files.

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Possible Snort Bug Dan Garbar (Apr 19)