[Snort-users] Unknown rule type

Michael.Spotz at ...194... Michael.Spotz at ...194...
Wed Aug 25 12:32:18 EDT 2004

I would appreciate whatever help anyone can offer.  I've installed Snort on a unix box running Solaris 8. When I run the following command (as root):

/usr/local/bin/snort -A fast -c /usr/local/snort/etc/snort.conf

I get the following messages:

Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface hme0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface hme0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /usr/local/snort/etc/snort.conf

Initializing rule chains...
ERROR: /usr/local/snort/etc/snort.conf(116) => Unknown rule type: Stop
Fatal Error, Quitting.

Initially, I thought the 116 was a Snort sid for BACKDOOR BackOrifice access, but the snort.conf file disables backdoor rulesets, and I deleted the backdoor.rules file from the rules directory.  How nice it would be if I could determine specifically what "Unknown rule type" refers to.

Thanks in advance for any help.

Mike Spotz<mailto:(michael.spotz at ...194...)>

More information about the Snort-users mailing list