[Snort-users] Unknown rule type

Michael Steele michaels at ...9077...
Wed Aug 25 15:24:07 EDT 2004


Go down to line 116 in your snort.conf and hash it out and the error will go
away. There is a problem with that rule set and should be repaired.

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Michael.Spotz at ...194...
> Sent: Wednesday, August 25, 2004 12:31 PM
> To: 'snort-users at lists.sourceforge.net'
> Subject: [Snort-users] Unknown rule type
> 
> I would appreciate whatever help anyone can offer.  I've installed Snort
> on a unix box running Solaris 8. When I run the following command (as
> root):
> 
> /usr/local/bin/snort -A fast -c /usr/local/snort/etc/snort.conf
> 
> I get the following messages:
> 
> Running in IDS mode
> Log directory = /var/log/snort
> 
> Initializing Network Interface hme0
> 
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface hme0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file /usr/local/snort/etc/snort.conf
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> ERROR: /usr/local/snort/etc/snort.conf(116) => Unknown rule type: Stop
> Fatal Error, Quitting.
> 
> Initially, I thought the 116 was a Snort sid for BACKDOOR BackOrifice
> access, but the snort.conf file disables backdoor rulesets, and I deleted
> the backdoor.rules file from the rules directory.  How nice it would be if
> I could determine specifically what "Unknown rule type" refers to.
> 
> Thanks in advance for any help.
> 
> Mike Spotz<mailto:(michael.spotz at ...194...)>
> 
> 
> 
> -------------------------------------------------------
> SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
> 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
> Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
> http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users







More information about the Snort-users mailing list