[Snort-users] Classtype Map Error

Sujit Ghosal thesujit at gmail.com
Mon May 14 09:34:51 EDT 2018


Hey All,
    I've installed snort v2.9.11.1 (source installation) on my Ubuntu box
and it got through successfully without any errors. Now I placed some
custom rules inside "/etc/snort/rules/custom.rules" and placed some valid
rules into it. And I've "only" enabled custom.rules and disabled the rest.

Now when I try to validate (#snort -c /etc/snort/snort.conf -T --daq dump)
whether snort is unable to compile my rules and it throws an error saying:
ERROR: /etc/snort/rules/custom.rules(2) Unknown ClassType: attempted-user

NOTE: I am quite sure that I've placed classification.config and
reference.config inside /etc/snort (chmod explicitly to 777 as well for
both the files). Wandering why it still throws, "unknown classtype". But
when I remove the classtype parameter from those rules it all works fine
without any error.

Any idea where things might be going wrong?


Regards,
Sujit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180514/b21e7761/attachment.html>


More information about the Snort-users mailing list