[Snort-users] Classtype Map Error
Al Lewis (allewi)
allewi at cisco.com
Tue May 15 12:05:27 EDT 2018
Where is the include for the file set to point to within your config file?
What is the class type you are using?
Cisco Systems Inc.
Email: allewi at cisco.com
From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of Sujit Ghosal via Snort-users <snort-users at lists.snort.org>
Reply-To: Sujit Ghosal <thesujit at gmail.com>
Date: Tuesday, May 15, 2018 at 10:51 AM
To: "snort-users at lists.snort.org" <snort-users at lists.snort.org>
Subject: [Snort-users] Classtype Map Error
I've installed snort v126.96.36.199 (source installation) on my Ubuntu box and it got through successfully without any errors. Now I placed some custom rules inside "/etc/snort/rules/custom.rules" and placed some valid rules into it. And I've "only" enabled custom.rules and disabled the rest.
Now when I try to validate (#snort -c /etc/snort/snort.conf -T --daq dump), snort is unable to compile my rules and it throws an error saying:
ERROR: /etc/snort/rules/custom.rules(2) Unknown ClassType: attempted-user
NOTE: I am quite sure that I've placed classification.config and reference.config inside /etc/snort (chmod explicitly to 777 as well for both the files). Wondering why it still throws, "unknown classtype". But when I remove the classtype parameter from those rules it all works fine without any error.
Any idea where things might be going wrong?
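The check the two questions in the reply point at, as an added example that is not part of the original thread: it follows the `include` lines reachable from a Snort config, collects every `config classification:` short name, and reports rules whose `classtype` was never defined. The function names, the `broken.conf`/`fixed.conf` sample files and the sample rule are constructed for illustration, and resolving relative include paths against the including file's directory is an assumption.

```python
import os, re, tempfile

INCLUDE = re.compile(r'^\s*include\s+(\S+)')
VAR = re.compile(r'^\s*(?:var|ipvar|portvar)\s+(\S+)\s+(\S+)')
CLASSDEF = re.compile(r'^\s*config\s+classification:\s*([^,\s]+)\s*,')
CLASSUSE = re.compile(r'classtype\s*:\s*([^;\s]+)\s*;')

def audit(conf_path):
    """Follow include lines from conf_path; return (defined, undefined_uses, missing_includes)."""
    defined, used, missing, variables, seen = set(), [], [], {}, set()

    def walk(path):
        if path in seen:            # guard against include loops
            return
        seen.add(path)
        with open(path) as fh:
            for lineno, line in enumerate(fh, 1):
                if line.lstrip().startswith("#"):
                    continue        # a commented-out include loads nothing
                if m := VAR.match(line):
                    variables[m.group(1)] = m.group(2)
                elif m := CLASSDEF.match(line):
                    defined.add(m.group(1))
                elif m := INCLUDE.match(line):
                    name = re.sub(r"\$(\w+)", lambda v: variables.get(v.group(1), v.group(0)), m.group(1))
                    # Assumption: relative paths resolve against the including file's directory.
                    target = os.path.normpath(os.path.join(os.path.dirname(path), name))
                    walk(target) if os.path.isfile(target) else missing.append(target)
                elif m := CLASSUSE.search(line):
                    used.append((path, lineno, m.group(1)))

    walk(os.path.abspath(conf_path))
    return defined, [u for u in used if u[2] not in defined], missing

def demo():
    """Constructed sample tree: classification.config is on disk, but one config never includes it."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "rules"))
    files = {
        "classification.config": "config classification: attempted-user,Attempted User Privilege Gain,1\n",
        "rules/custom.rules": '# constructed sample rule\nalert tcp any any -> any 80 (msg:"sample"; classtype:attempted-user; sid:1000001; rev:1;)\n',
        "broken.conf": "var RULE_PATH rules\n# include classification.config\ninclude $RULE_PATH/custom.rules\n",
        "fixed.conf": "var RULE_PATH rules\ninclude classification.config\ninclude $RULE_PATH/custom.rules\n",
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    return {n: audit(os.path.join(root, n)) for n in ("broken.conf", "fixed.conf")}
```

Run against a real installation with `audit("/etc/snort/snort.conf")`; a non-empty second element lists the file, line and classtype that no included file defines.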