[Snort-users] Duplicate classification

Sean Kiewiet SKiewiet at ...13511...
Wed Sep 21 15:33:36 EDT 2005


OBSD		3.7
SNORT		2.3.3

I'm getting the errors below when I start up snort (on each interface).
I have looked through each of the snort.conf files and I can see that
the classification.config is only defined once:

include classification.config

and that classification.config resides in /etc/snort/


I start snort via rc.local like this

nohup /usr/local/bin/snort -u sguil -g sguil -l /nsm/em0 -c
/etc/snort/em0.snort.conf -U -A none -m 122 -i em0 -D


Any ideas on how to remedy?
What causes this error?

Sean


WARNING /etc/snort/classification.config(169): Duplicate classification
"not-suspicious"found, ignoring this line
WARNING /etc/snort/classification.config(170): Duplicate classification
"unknown"found, ignoring this line
WARNING /etc/snort/classification.config(171): Duplicate classification
"bad-unknown"found, ignoring this line
WARNING /etc/snort/classification.config(172): Duplicate classification
"attempted-recon"found, ignoring this line
WARNING /etc/snort/classification.config(173): Duplicate classification
"successful-recon-limited"found, ignoring this line
WARNING /etc/snort/classification.config(174): Duplicate classification
"successful-recon-largescale"found, ignoring this lin
e
WARNING /etc/snort/classification.config(175): Duplicate classification
"attempted-dos"found, ignoring this line
WARNING /etc/snort/classification.config(176): Duplicate classification
"successful-dos"found, ignoring this line
WARNING /etc/snort/classification.config(177): Duplicate classification
"attempted-user"found, ignoring this line
WARNING /etc/snort/classification.config(178): Duplicate classification
"unsuccessful-user"found, ignoring this line
WARNING /etc/snort/classification.config(179): Duplicate classification
"successful-user"found, ignoring this line
WARNING /etc/snort/classification.config(180): Duplicate classification
"attempted-admin"found, ignoring this line
WARNING /etc/snort/classification.config(181): Duplicate classification
"successful-admin"found, ignoring this line
WARNING /etc/snort/classification.config(185): Duplicate classification
"rpc-portmap-decode"found, ignoring this line
WARNING /etc/snort/classification.config(186): Duplicate classification
"shellcode-detect"found, ignoring this line
WARNING /etc/snort/classification.config(187): Duplicate classification
"string-detect"found, ignoring this line
WARNING /etc/snort/classification.config(188): Duplicate classification
"suspicious-filename-detect"found, ignoring this line
WARNING /etc/snort/classification.config(189): Duplicate classification
"suspicious-login"found, ignoring this line
WARNING /etc/snort/classification.config(190): Duplicate classification
"system-call-detect"found, ignoring this line
WARNING /etc/snort/classification.config(191): Duplicate classification
"tcp-connection"found, ignoring this line
WARNING /etc/snort/classification.config(192): Duplicate classification
"trojan-activity"found, ignoring this line
WARNING /etc/snort/classification.config(193): Duplicate classification
"unusual-client-port-connection"found, ignoring this
line
WARNING /etc/snort/classification.config(194): Duplicate classification
"network-scan"found, ignoring this line
WARNING /etc/snort/classification.config(195): Duplicate classification
"denial-of-service"found, ignoring this line
WARNING /etc/snort/classification.config(196): Duplicate classification
"non-standard-protocol"found, ignoring this line
WARNING /etc/snort/classification.config(197): Duplicate classification
"protocol-command-decode"found, ignoring this line
WARNING /etc/snort/classification.config(198): Duplicate classification
"web-application-activity"found, ignoring this line
WARNING /etc/snort/classification.config(199): Duplicate classification
"web-application-attack"found, ignoring this line
WARNING /etc/snort/classification.config(200): Duplicate classification
"misc-activity"found, ignoring this line
WARNING /etc/snort/classification.config(201): Duplicate classification
"misc-attack"found, ignoring this line
WARNING /etc/snort/classification.config(202): Duplicate classification
"icmp-event"found, ignoring this line
WARNING /etc/snort/classification.config(203): Duplicate classification
"kickass-porn"found, ignoring this line
WARNING /etc/snort/classification.config(204): Duplicate classification
"policy-violation"found, ignoring this line
WARNING /etc/snort/classification.config(205): Duplicate classification
"default-login-attempt"found, ignoring this line
Opened spool file '/nsm/em1/today/em1.snort.log.1127343619'
OpSguil_Start





More information about the Snort-users mailing list