Snort mailing list archives
Re: ERROR WITH VIRUS.RULES
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 04 Feb 2002 16:13:21 -0500
Ok, read closely this time.. the rules directory is not where the file you need is located.
In addition to the rules, you need a file named "classification.config". This file is NOT in the rules subdirectory of the snort CVS tarball. It is in the (underline, bold, flashing red letters) *etc* directory. Grab it, put it where your rules are, watch it work.
(note this is more or less a rehash of what Chris said, with emphasis added)FAQ maintainer: This is getting to be a common question on the list, so how about a snort FAQ 6.22:
----------------- Q: Why do I get "Bad Priority setting" errors when snort reads my .rules files?Make sure you have the classification.config file installed in the same directory as your rules files. This file is included in the snort distribution so check your downloaded tarball for it.
------------------I'd include comments about where the file is in the distro, but the release 1.8.2 tarball had it in the root snort directory, but the current CVS tarballs seem to have it in the etc subdir. I've not checked the latest release tarballs to see if the etc thing is an artifact of CVS, or if the release format is changed.
At 05:44 PM 2/4/2002 +0100, EPenove wrote:
i have the same pb : i download this file : /downloads/snortrules.tar.gz & put it in the /etc/snort/ & now i download : /downloads/snort-daily.tar.gz et put the rules directory in the /etc/snort/ but i have the same error ..... !!!!! Manu On Monday 04 February 2002 17:26, Chris Grout wrote: > You need to copy over the new classification.config into your rules > directory. If you are using the 'snort-daily.tar.gz', its in the ./etc > directory. > > Chris >
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ERROR WITH VIRUS.RULES EPenove (Feb 04)
- RE: ERROR WITH VIRUS.RULES Chris Grout (Feb 04)
- Re: ERROR WITH VIRUS.RULES EPenove (Feb 04)
- Re: ERROR WITH VIRUS.RULES Matt Kettler (Feb 04)
- Re: ERROR WITH VIRUS.RULES EPenove (Feb 04)
- <Possible follow-ups>
- ERROR WITH VIRUS.RULES EPenove (Feb 04)
- RE: ERROR WITH VIRUS.RULES Chris Grout (Feb 04)