[Snort-users] FW: AW: Libovar Man info.

Rameez Qureshi rameez_q at ...16117...
Thu Apr 10 15:39:46 EDT 2014


Hello

> yes i saw that... my first question is why is it looking in a 'src' directory? 
> there should be no need to add paths to those include lines... generally 
> speaking, those two files (classification.conf and reference.conf) should reside 
> in the same directory as your snort.conf (/etc/)...


I have tried different options to get it working when being left in its basic format being include classification.config and the same for reference I get the following error:

Initialising rule chains...
ERROR: ../rules/blacklist.rules(22) unknown ClassType: Trojan-activity
Fatal Error, Quitting..

When going to line 22 of snort.conf
I have then followed the instructions to fully validate the configuration and exit with a fatal error 

However I'm not sure on how to correct this

Thanks
Rameez 

On 10 Apr 2014, at 07:59 PM, "waldo kitty" <wkitty42 at ...14940...> wrote:

> On 4/10/2014 2:31 PM, Rameez Qureshi wrote:
>> I don't think I got the second email, I got the one where you replied and
>> suggested me starting from scratch
> 
> that is the one i'm speaking of... here's a manual quote of it ;)
> 
> [quote]
> On 4/9/2014 6:19 PM, Rameez Qureshi wrote:
>> for my snort.conf file when taking out the # out of the rule paths for rules and
>> for including individual rules it throws up and error and this led me to taking
>> out the # where snort seemed to fire correctly but did not load any rules
> 
> sorry! i hit the wrong keys with my previous reply :(
> 
> line 538 in your snort.conf doesn't contain a filename...
> line 540 is missing the '/' between "rules" and "file"...
> line 692 is missing the 'i' in "include"...
> 
> you have so many other items commented out that it is doubtful that you will get
> it working without a lot of editing... you might want to start with a fresh
> snort.conf and then make the few edits needed for your installation while
> leaving everything else as is...
> [/quote]
> 
>> which is what I have done now as ended up with the following:
> 
> yes i saw that... my first question is why is it looking in a 'src' directory? 
> there should be no need to add paths to those include lines... generally 
> speaking, those two files (classification.conf and reference.conf) should reside 
> in the same directory as your snort.conf (/etc/)...
> 
> 
> -- 
> NOTE: No off-list assistance is given without prior approval.
>       Please keep mailing list traffic on the list unless
>       private contact is specifically requested and granted.
> 
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment 
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list