[Snort-users] Unknown rule type

Truax, Shawn (MBS) Shawn.Truax at ...8509...
Wed Aug 25 13:28:16 EDT 2004


Hi Michael,

The 116 refers the line number of the snort.conf the error is on.  Open
snort.conf in your favourite editor and go down to line 116.  Check and see
if there are any linefeeds or carriage returns, extra characters, missing
characters, etc.  If you still can't see the problem post a copy of your
snort.conf from the 116 line area.  Say 5 lines above and below for everyone
to take a look at.  Usually these are some sort of typo or formatting error.

Shawn Truax
Sr. Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario
M5H 3B7
(416)327-1107


-----Original Message-----
From: Michael.Spotz at ...194... [mailto:Michael.Spotz at ...194...]
Sent: August 25, 2004 3:31 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Unknown rule type


I would appreciate whatever help anyone can offer.  I've installed Snort on
a unix box running Solaris 8. When I run the following command (as root):

/usr/local/bin/snort -A fast -c /usr/local/snort/etc/snort.conf

I get the following messages:

Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface hme0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface hme0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /usr/local/snort/etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: /usr/local/snort/etc/snort.conf(116) => Unknown rule type: Stop
Fatal Error, Quitting.

Initially, I thought the 116 was a Snort sid for BACKDOOR BackOrifice
access, but the snort.conf file disables backdoor rulesets, and I deleted
the backdoor.rules file from the rules directory.  How nice it would be if I
could determine specifically what "Unknown rule type" refers to.

Thanks in advance for any help.

Mike Spotz<mailto:(michael.spotz at ...194...)>



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040825/4e6cdb0d/attachment.html>


More information about the Snort-users mailing list