[Snort-users] Unknown class type

Michael Lubinski michael.lubinski at ...11827...
Mon Feb 7 08:55:02 EST 2011


It did not contain this line;

config classification: sdf,Sensitive Data,2

thanks for your quick responses.

On Mon, Feb 7, 2011 at 7:49 AM, Alex Kirk <akirk at ...1935...> wrote:

> I assume you meant all three of those *were* commented out.
>
> You also want to be sure your classification.config contains the line:
>
> config classification: sdf,Sensitive Data,2
>
> On Mon, Feb 7, 2011 at 8:36 AM, Michael Lubinski <
> michael.lubinski at ...11827...> wrote:
>
>> Even with all three of the rules not commented out,
>>
>> preprocessor.rules
>> decoder.rules
>> sensitive-data.rules
>>
>> I still get the error.
>>
>>
>> On Mon, Feb 7, 2011 at 7:29 AM, Alex Kirk <akirk at ...1935...> wrote:
>>
>>> You don't have the Sensitive Data preprocessor enabled. Either turn it
>>> on, or comment out all rules with a classtype of "sdf".
>>>
>>> On Mon, Feb 7, 2011 at 8:24 AM, Michael Lubinski <
>>> michael.lubinski at ...11827...> wrote:
>>>
>>>> When I start snort with snort -c /etc/snort/snort.conf -i eth0 I get an
>>>> error stating
>>>>
>>>> "error: /etc/snort/rules/preproc_rules/preprocessor.rules(175) unknown
>>>> clastype; sdf
>>>>
>>>> My snort was working good, then I wanted to integrate the ET rules and
>>>> now I am having issues again. Any help would be appreciated.
>>>>
>>>> *classification.config is is in my snort.conf.
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> The modern datacenter depends on network connectivity to access
>>>> resources
>>>> and provide services. The best practices for maximizing a physical
>>>> server's
>>>> connectivity to a physical network are well understood - see how these
>>>> rules translate into the virtual world?
>>>> http://p.sf.net/sfu/oracle-sfdevnlfb
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>
>>>
>>>
>>>
>>> --
>>> Alex Kirk
>>> AEGIS Program Lead
>>> Sourcefire Vulnerability Research Team
>>> +1-410-423-1937
>>> alex.kirk at ...1935...
>>>
>>
>>
>
>
> --
> Alex Kirk
> AEGIS Program Lead
> Sourcefire Vulnerability Research Team
> +1-410-423-1937
> alex.kirk at ...1935...
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110207/2b77cf8d/attachment.html>


More information about the Snort-users mailing list