[Snort-devel] Problems after 1.8.3 upgrade to 1.8.6
erek at ...105...
Fri Apr 12 14:14:04 EDT 2002
On Fri, 12 Apr 2002, Michael Lafreniere wrote:
> Apr 11 11:53:59 gw snort: Initializing daemon mode
> Apr 11 11:53:59 gw snort: PID stat checked out ok, PID set to /var/run/
> Apr 11 11:53:59 gw snort: Writing PID file to "/var/run/"
> Apr 11 11:53:59 gw snort: FATAL ERROR: ERROR line /root/rules (1) =>
> Unknown rule type: <FA><A8>
> I've greped the rules directory for both versions for <FA><A8> and nothing
> turns up. Help!!
> If you need more info please email me and tell me what you need. Thanks.
First things first: Relax. :) It helps!
It seems that you've got a corrupt rule or corrupt config file. Don't start
snort with the -D parameter, try starting by hand and using the -T flag. -T
will do a sanity check on all files. Your error is either on the first line
of your .conf file or the first line of a rules file, if I read your error
Check that and see what you get!
More information about the Snort-devel