[Snort-users] ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity

Rameez Qureshi rameez_q at ...16117...
Fri Apr 11 15:36:23 EDT 2014


The reference and classification are in the same directory where I run snort from where the snort.conf is
That is the usr/src directory
 
The same files are also in in usr/src/snort-2.9.6.0/etc
 
I have attempted to run from both directories and still have the error
 
I have also got a new error now which is: ERROR: .//usr/src/rules/rules/local.rules(0) Unable to open rules file ".//usr/src/rules/rules/local.rules": No such file or directory.

Which i suspect is i have messed up a location somewhere by mistake but cannot correct it

I have attached my snort.conf 


> Date: Fri, 11 Apr 2014 15:23:57 -0400
> From: wkitty42 at ...14940...
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity
> 
> On 4/11/2014 3:15 PM, waldo kitty wrote:
> > On 4/11/2014 2:16 PM, Rameez Qureshi wrote:
> >> That clears things up, I have went to the blacklist rule
> >>
> >> I'm not sure as to why is throwing up that error and when commenting out one
> >> rule and going onto the next gives me the same error
> >
> > ummm... the blacklist file should not have /any/ rules it in... the blacklist
> > and whitelist files contain only IP numbers...
> 
> *CLARIFICATION:*  those used for the reputation processor! not the regular rules 
> file...
> 
> 
> > now, i suspect that you are running into a defect that was discussed some months
> > ago... that defect being that the black_list.rules and blacklist.rules files
> > names are too similar and they confuse folks...
> [...]
> > this appears to indicate that the naming conflict i speak of above is NOT what
> > is biting you... it does, instead, point to your classification.conf file not
> > being in the proper place...
> 
> these two paragraphs conflict... sorry for not catching it before sending...
> 
> > so, with all of that said, have you placed your classification.conf and
> > reference.conf files in /etc/ with your snort.conf file?
> 
> you've clarified that these are not in the same directory as your snort.conf... 
> are they all three in /etc/ or somewhere else?
> 
> -- 
> NOTE: No off-list assistance is given without prior approval.
>        Please keep mailing list traffic on the list unless
>        private contact is specifically requested and granted.
> 
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment 
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140411/d525fbed/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort.conf
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140411/d525fbed/attachment.ksh>


More information about the Snort-users mailing list