[Snort-users] ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity

Rameez Qureshi rameez_q at ...16117...
Fri Apr 11 14:59:09 EDT 2014


I was thinking it was the classification file, the classification and reference.conf are in the same directory where the snort.conf is

Sent from my iPhone

On 11 Apr 2014, at 07:52 PM, "Joel Esler (jesler)" <jesler at ...589...> wrote:

> This is probably because your classification.config is in a place where the snort.conf can’t find it.
> 
> 
> On Apr 11, 2014, at 2:16 PM, Rameez Qureshi <rameez_q at ...16117...> wrote:
> 
>> That clears things up, I have went to the blacklist rule 
>> 
>> I'm not sure as to why is throwing up that error and when commenting out one rule and going onto the next gives me the same error
>> 
>> I have taken out the malware rules as I'm simply using snort for its detection of malicious attacks in the form of scanning or attacks with metasploit 
>> 
>> Thanks
>> Rameez 
>> 
>> 
>> Sent from my iPhone
>> 
>> On 11 Apr 2014, at 07:01 PM, "Nicholas Mavis (nmavis)" <nmavis at ...589...> wrote:
>> 
>>> The error points to line 22 in your blacklist.rules file not your snort.conf. See the following error message you provided:
>>> 
>>> ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity
>>> 
>>> Nick
>>> 
>>> From: Rameez Qureshi <rameez_q at ...16117...>
>>> Date: Friday, April 11, 2014 at 1:39 PM
>>> To: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net>
>>> Subject: [Snort-users] ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity
>>> 
>>> Hello
>>> 
>>> I still seem to be getting problems and cant seem to find an answer for the following erorr:
>>> 
>>> Initializing rule chains...
>>> ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity
>>> Fatal Error, Quitting..
>>> 
>>> I have no whitelist/blacklist rules added and found answers online pointing to possible problems with my classification.config and reference.config however I havent touched these files and dont know why its giving this error
>>> 
>>> The error which points to line 22 is the following in the snort.conf:
>>> #     test mode -T you are required to supply an interface -i <interface>
>>> #     or test mode will fail to fully validate the configuration and
>>> #     exit with a FATAL error
>>> 
>>> I have ran snort in this mode with the following command: root at ...11994...:/usr/src# snort -T -i 192.168.0.10 -c snort.conf
>>> 
>>> I have attached my snort.conf
>>> 
>>> Any help is greatly appreciated
>>> 
>>> Thanks
>>> Rameez
>> ------------------------------------------------------------------------------
>> Put Bad Developers to Shame
>> Dominate Development with Jenkins Continuous Integration
>> Continuously Automate Build, Test & Deployment 
>> Start a new project now. Try Jenkins in the cloud.
>> http://p.sf.net/sfu/13600_Cloudbees_______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140411/3dc0180a/attachment.html>


More information about the Snort-users mailing list