Snort mailing list archives

Re: ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity


From: Rameez Qureshi <rameez_q () hotmail co uk>
Date: Fri, 11 Apr 2014 19:16:59 +0100

That clears things up. I have gone to the blacklist rule 

I'm not sure why it is throwing up that error, and commenting out one rule and going on to the next gives me the same error

I have taken out the malware rules as I'm simply using Snort for its detection of malicious attacks in the form of scanning or attacks with Metasploit 

Thanks
Rameez 



On 11 Apr 2014, at 07:01 PM, "Nicholas Mavis (nmavis)" <nmavis () cisco com> wrote:

The error points to line 22 in your blacklist.rules file, not your snort.conf. See the following error message you provided:

ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity

Nick

From: Rameez Qureshi <rameez_q () hotmail co uk>
Date: Friday, April 11, 2014 at 1:39 PM
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Subject: [Snort-users] ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity

Hello

I still seem to be getting problems and can't seem to find an answer for the following error:

Initializing rule chains...
ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity
Fatal Error, Quitting..

I have no whitelist/blacklist rules added and found answers online pointing to possible problems with my classification.config and reference.config; however, I haven't touched these files and don't know why it's giving this error

The error which points to line 22 is the following in the snort.conf:
#     test mode -T you are required to supply an interface -i <interface>
#     or test mode will fail to fully validate the configuration and
#     exit with a FATAL error

I have run snort in this mode with the following command: root@kali:/usr/src# snort -T -i 192.168.0.10 -c snort.conf

I have attached my snort.conf

Any help is greatly appreciated

Thanks
Rameez
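
An added example, not part of the thread or of Snort itself: a small Python check that lists every active rule whose `classtype` is not declared by a `config classification:` line, reporting it in the same `file(line)` form as the error quoted above. The sample classification and rule text is constructed for illustration, and the check assumes one rule per line (no backslash continuations).

```python
import re

# Snort 2.x classification line: config classification: shortname,description,priority
CLASS_DEF = re.compile(r"^\s*config\s+classification:\s*([^,\s]+)\s*,")
# classtype option inside a rule body, e.g. classtype:trojan-activity;
CLASS_USE = re.compile(r"classtype\s*:\s*([^;\s]+)\s*;")


def defined_classtypes(classification_text):
    """Return the set of short names declared by 'config classification:' lines."""
    names = set()
    for line in classification_text.splitlines():
        m = CLASS_DEF.match(line)  # commented-out lines start with '#' and never match
        if m:
            names.add(m.group(1))
    return names


def undefined_classtypes(rules_text, known, filename="rules"):
    """Return (location, classtype) pairs for active rules using an undeclared classtype."""
    problems = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or disabled rule
        for name in CLASS_USE.findall(line):
            if name not in known:
                problems.append((f"{filename}({lineno})", name))
    return problems


# Constructed sample input: trojan-activity is commented out of the classification list
SAMPLE_CLASSIFICATION = """\
# config classification: shortname,short description,priority
config classification: attempted-recon,Attempted Information Leak,2
# config classification: trojan-activity,A Network Trojan was detected,1
"""

# Constructed sample rules (sids in the local range)
SAMPLE_RULES = """\
# alert tcp any any -> any 80 (msg:"disabled"; classtype:trojan-activity; sid:1000001;)
alert tcp any any -> any 80 (msg:"constructed scan rule"; classtype:attempted-recon; sid:1000002;)
alert tcp any any -> any 80 (msg:"constructed blacklist rule"; classtype:trojan-activity; sid:1000003;)
"""

if __name__ == "__main__":
    known = defined_classtypes(SAMPLE_CLASSIFICATION)
    for where, name in undefined_classtypes(SAMPLE_RULES, known, "blacklist.rules"):
        print(f"{where} Unknown ClassType: {name}")
```

To run it against a real installation, read the contents of your own classification.config and rules files into the two functions in place of the sample strings.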
