[Snort-users] Classtype Map Error

Al Lewis (allewi) allewi at cisco.com
Tue May 15 12:05:27 EDT 2018


Where is the include for the file set to point to within your config file?

What is the class type you are using?

Albert Lewis
Cisco Systems Inc.
Email: allewi at cisco.com

From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of Sujit Ghosal via Snort-users <snort-users at lists.snort.org>
Reply-To: Sujit Ghosal <thesujit at gmail.com>
Date: Tuesday, May 15, 2018 at 10:51 AM
To: "snort-users at lists.snort.org" <snort-users at lists.snort.org>
Subject: [Snort-users] Classtype Map Error

Hey All,
    I've installed snort v2.9.11.1 (source installation) on my Ubuntu box and it got through successfully without any errors. Now I placed some custom rules inside "/etc/snort/rules/custom.rules" and placed some valid rules into it. And I've "only" enabled custom.rules and disabled the rest.

Now when I try to validate (#snort -c /etc/snort/snort.conf -T --daq dump), snort is unable to compile my rules and it throws an error saying:
ERROR: /etc/snort/rules/custom.rules(2) Unknown ClassType: attempted-user

NOTE: I am quite sure that I've placed classification.config and reference.config inside /etc/snort (chmod explicitly to 777 as well for both the files). Wondering why it still throws "unknown classtype". But when I remove the classtype parameter from those rules it all works fine without any error.

Any idea where things might be going wrong?

