[Snort-devel] Problems after 1.8.3 upgrade to 1.8.6

Erek Adams erek at ...105...
Fri Apr 12 14:14:04 EDT 2002

On Fri, 12 Apr 2002, Michael Lafreniere wrote:


> Apr 11 11:53:59 gw snort: Initializing daemon mode
> Apr 11 11:53:59 gw snort: PID stat checked out ok, PID set to /var/run/
> Apr 11 11:53:59 gw snort: Writing PID file to "/var/run/"
> Apr 11 11:53:59 gw snort: FATAL ERROR: ERROR line /root/rules (1) =>
> Unknown rule type: <FA><A8>
> I've greped the rules directory for both versions for <FA><A8> and nothing
> turns up.  Help!!
> If you need more info please email me and tell me what you need.  Thanks.

First things first:  Relax.  :)  It helps!

It seems that you've got a corrupt rule or corrupt config file.  Don't start
snort with the -D parameter, try starting by hand and using the -T flag.  -T
will do a sanity check on all files.  Your error is either on the first line
of your .conf file or the first line of a rules file, if I read your error

Check that and see what you get!

Erek Adams

More information about the Snort-devel mailing list