[Snort-users] Snort 2.3.0 and p2p rules question
abose at ...13109...
Tue Mar 1 08:17:57 EST 2005
I am trying to play back a tcpdump/libpcap trace using the p2p.rules but
am getting an error. I modified /etc/snort/snort.conf and put in a line:
## include somefile.rules
In my case, both HOME_NET and EXTERNAL_NET are set to "any". When I do
$ snort -dvr file.pcap -c /etc/snort/snort.conf
I get an error:
    Running in IDS mode
    TCPDUMP file reading mode.
    Reading network traffic from "file.pcap" file.
    snaplen = 100
    --== Initializing Snort ==--
    Initializing Output Plugins!
    Parsing Rules file /etc/snort/snort.conf
    Initializing rule chains...
    ERROR: /etc/snort/rules/p2p.rules(10) => Unknown ClassType: policy-violation
    Fatal Error, Quitting..
Can someone please tell me what I am doing wrong? I am a *very* new
user of Snort (and that may be just the problem!)
University of Michigan
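
Snort reports `Unknown ClassType` when a rule's `classtype:` value has not been declared by a `config classification:` line by the time that rule is parsed. The following is an added example, not part of the original post: it walks a configuration in parse order, following `include` lines, and lists rules that reference an undeclared classtype. All file names and contents are constructed; variable expansion in include paths and multi-line rules are not handled.

```python
import re

# Patterns for the three line kinds this check cares about.
CLASSIFICATION = re.compile(r"^\s*config\s+classification\s*:\s*([^,\s]+)\s*,")
INCLUDE = re.compile(r"^\s*include\s+(\S+)")
CLASSTYPE = re.compile(r"classtype\s*:\s*([^;\s]+)\s*;")

def check(path, files, defined=None, errors=None):
    """Walk `path` top to bottom, following includes; return (defined, errors)."""
    defined = set() if defined is None else defined
    errors = [] if errors is None else errors
    for lineno, line in enumerate(files[path].splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        m = CLASSIFICATION.match(line)
        if m:
            defined.add(m.group(1))  # classtype is known from here on
            continue
        m = INCLUDE.match(line)
        if m:
            check(m.group(1), files, defined, errors)  # parse included file in place
            continue
        for name in CLASSTYPE.findall(line):
            if name not in defined:
                errors.append((path, lineno, name))
    return defined, errors

# Constructed sample files (not taken from the post).
FILES = {
    "classification.config":
        "config classification: policy-violation,Potential Corporate Privacy Violation,1\n",
    "p2p.rules":
        "# constructed rule for illustration\n"
        'alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed p2p rule"; '
        "classtype:policy-violation; sid:1000001; rev:1;)\n",
}
VARS = "var HOME_NET any\nvar EXTERNAL_NET any\n"
RULES_FIRST = VARS + "include p2p.rules\ninclude classification.config\n"
CLASSES_FIRST = VARS + "include classification.config\ninclude p2p.rules\n"

def unknown_classtypes(conf_text):
    """Return [(file, line, classtype)] for rules parsed before their classtype is declared."""
    _, errors = check("snort.conf", {**FILES, "snort.conf": conf_text})
    return errors

if __name__ == "__main__":
    for label, conf in (("rules first", RULES_FIRST), ("classes first", CLASSES_FIRST)):
        print(label, unknown_classtypes(conf))
```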