[Snort-devel] Possible Snort Bug

Dan Garbar dgarbar at ...3397...
Tue Apr 16 14:50:25 EDT 2013


Hi all,

 

I'm a novice, but have found a solution and want to share it with everyone.

 

If someone has any idea how this may have happened, I would gladly like to
hear it.

 

 

I'm using Snort Ver. 2.9.4.1 pkg v. 2.5.5 Built from source

 

I was getting the following error:

 

snort[41480]: FATAL ERROR:
/usr/local/etc/snort/snort_7455_em2/preproc_rules/decoder.rules(1) Unknown
ClassType: protocol-command-decode

 

After working with Joel Esler (Senior Research Engineer, VRT / OpenSource
Community Manager at Sourcefire) who has asked the right questions, I was
able to determine that the following files were empty:

 

/usr/local/etc/snort/snort_7455_em2/classification.config

/usr/local/etc/snort/snort_7455_em2/reference.config

 

So Snort was unable to decode a rule and thus gave me the above error.

 

To fix this I copied the contents from 

/usr/local/etc/snort/classification.config to

/usr/local/etc/snort/snort_7455_em2/classification.config

 

Started Snort and it worked!

 

Please note, I have not been modifying any files before this. This is my
first time in that area. So this empty file business must be either update
related or something else - This I'd like to know.

 

Thanks all.

 

 


IT Administrator - Dano

	

 

 


 

 


 

 


 


 

 

		

 

 

 

NOTE: The information contained in this communication is the property of
American Beef Processors of Oregon, LLC and is privileged and confidential
information intended only for the use of the named recipient. If the reader
of this message is not the named recipient, any use, distribution or copying
of this communication is prohibited. If you have received this communication
in error, please notify us immediately by telephone and destroy the original
message from your electronic files.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130416/4a0fb4b0/attachment.html>


More information about the Snort-devel mailing list