[Snort-users] Unknown class type

Alex Kirk akirk at ...1935...
Mon Feb 7 08:49:45 EST 2011


I assume you meant all three of those *were* commented out.

You also want to be sure your classification.config contains the line:

config classification: sdf,Sensitive Data,2

On Mon, Feb 7, 2011 at 8:36 AM, Michael Lubinski <michael.lubinski at ...11827...> wrote:

> Even with all three of the rules not commented out,
>
> preprocessor.rules
> decoder.rules
> sensitive-data.rules
>
> I still get the error.
>
>
> On Mon, Feb 7, 2011 at 7:29 AM, Alex Kirk <akirk at ...1935...> wrote:
>
>> You don't have the Sensitive Data preprocessor enabled. Either turn it on,
>> or comment out all rules with a classtype of "sdf".
>>
>> On Mon, Feb 7, 2011 at 8:24 AM, Michael Lubinski <michael.lubinski at ...11827...> wrote:
>>
>>> When I start snort with snort -c /etc/snort/snort.conf -i eth0 I get an
>>> error stating
>>>
>>> "error: /etc/snort/rules/preproc_rules/preprocessor.rules(175) unknown
>>> clastype; sdf
>>>
>>> My snort was working well, then I wanted to integrate the ET rules and
>>> now I am having issues again. Any help would be appreciated.
>>>
>>> *classification.config is in my snort.conf.
>>>
>>>
>>
>>
>>
>> --
>> Alex Kirk
>> AEGIS Program Lead
>> Sourcefire Vulnerability Research Team
>> +1-410-423-1937
>> alex.kirk at ...1935...
>>
>
>


-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk at ...1935...
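
The check discussed in this thread, as an added example (not part of the original messages and not Snort's own code): it lists every active rule whose classtype has no matching "config classification:" line, which is the condition behind the "unknown classtype" startup error. The sample config and rules are constructed, and the sketch assumes one rule per line.

```python
import re

# "config classification: <shortname>,<description>,<priority>"
CLASS_DEF = re.compile(r'^\s*config\s+classification:\s*([^,\s]+)\s*,')
# classtype option inside a rule body, e.g. "classtype: sdf;"
CLASSTYPE = re.compile(r'classtype\s*:\s*([^;\s]+)\s*;')

def defined_classtypes(config_text):
    """Collect the short names declared in classification.config text."""
    names = set()
    for line in config_text.splitlines():
        m = CLASS_DEF.match(line)
        if m:
            names.add(m.group(1))
    return names

def undefined_classtypes(rules_text, defined, filename="<rules>"):
    """Return (file, line number, classtype) for active rules using an undeclared classtype."""
    problems = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # commented-out rules are not loaded, so they cannot trigger the error
        for name in CLASSTYPE.findall(stripped):
            if name not in defined:
                problems.append((filename, lineno, name))
    return problems

# Constructed sample input (not taken from the poster's system)
SAMPLE_CONFIG = """\
# classification.config (constructed sample, sdf line missing)
config classification: attempted-recon,Attempted Information Leak,2
config classification: bad-unknown,Potentially Bad Traffic,2
"""
SAMPLE_RULES = """\
# preprocessor.rules (constructed sample)
alert ( msg: "constructed sdf rule"; sid: 1; rev: 1; classtype: sdf; )
# alert ( msg: "constructed disabled rule"; sid: 2; rev: 1; classtype: sdf; )
alert tcp any any -> any any (msg:"constructed"; classtype:bad-unknown; sid:1000001; rev:1;)
"""

if __name__ == "__main__":
    defined = defined_classtypes(SAMPLE_CONFIG)
    for fname, lineno, name in undefined_classtypes(SAMPLE_RULES, defined, "preprocessor.rules"):
        print(f"{fname}({lineno}) unknown classtype: {name}")
    # Adding the line quoted in the reply above clears the finding.
    defined |= defined_classtypes("config classification: sdf,Sensitive Data,2\n")
    print("remaining:", undefined_classtypes(SAMPLE_RULES, defined, "preprocessor.rules"))
```
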