[Snort-users] Snort Start up error

Joel Esler jesler at ...1935...
Thu Apr 18 18:35:24 EDT 2013


On Thu, Apr 18, 2013 at 06:25:18PM -0400, beenph wrote:
> On Thu, Apr 18, 2013 at 6:13 PM, waldo kitty <wkitty42 at ...14940...> wrote:
> > On 4/18/2013 17:38, Said Nurhussein wrote:
> >> thanks Waldo. I have classification.config in /etc/snort.conf from the install
> >> but don't see version# when I display it.
> >
> > there is no version number in the classification.config file that i'm aware of...
> >
> > the file should be just over 3K bytes in size and contain roughly 70 lines...
> > one of those lines should contain the misc-activity classification entry... the
> > entry you are looking for will likely be toward the bottom in the "# NEW
> > CLASSIFICATIONS" section...
> >
> >>  > Date: Thu, 18 Apr 2013 13:18:16 -0400
> >>  > From: wkitty42 at ...14940...
> >>  > To: snort-users at lists.sourceforge.net
> >>  > Subject: Re: [Snort-users] Snort Start up error
> >>  >
> >>  > On 4/18/2013 11:23, Said Nurhussein wrote:
> >>  > > Hello All,
> >>  > > I've installed snort 2.9.4. 5 and using rules files
> >> snortrules-snapshot-2941.tar.gz
> >>  > > but when i try to start snort I get the following error.
> >>  > >
> >>  > > ERROR: /etc/snort/rules/blacklist.rules(2) Unknown ClassType: misc-activity
> >>  > > Fatal Error, Quitting..
> >>  > >
> >>  > > How can I fix this.
> >>  >
> 
> Said,
> You can get updated classification.config here
> http://labs.snort.org/snort/2945/
> 
> This should fix your issue.


Have to make sure that your include statement is correct as well, make sure that you are pointing to the right classification.config in your Snort.conf

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire




More information about the Snort-users mailing list