[Snort-users] ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity

waldo kitty wkitty42 at ...14940...
Fri Apr 11 15:23:57 EDT 2014


On 4/11/2014 3:15 PM, waldo kitty wrote:
> On 4/11/2014 2:16 PM, Rameez Qureshi wrote:
>> That clears things up, I have went to the blacklist rule
>>
>> I'm not sure as to why is throwing up that error and when commenting out one
>> rule and going onto the next gives me the same error
>
> ummm... the blacklist file should not have /any/ rules it in... the blacklist
> and whitelist files contain only IP numbers...

*CLARIFICATION:*  those used for the reputation processor! not the regular rules 
file...


> now, i suspect that you are running into a defect that was discussed some months
> ago... that defect being that the black_list.rules and blacklist.rules files
> names are too similar and they confuse folks...
[...]
> this appears to indicate that the naming conflict i speak of above is NOT what
> is biting you... it does, instead, point to your classification.conf file not
> being in the proper place...

these two paragraphs conflict... sorry for not catching it before sending...

> so, with all of that said, have you placed your classification.conf and
> reference.conf files in /etc/ with your snort.conf file?

you've clarified that these are not in the same directory as your snort.conf... 
are they all three in /etc/ or somewhere else?

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list