[Snort-users] Please help me...
This is a discussion on [Snort-users] Please help me... within the Snort forums, part of the System Security and Security Related category; Being a pretty new user to snort I have tried my best and came up with nothing. I looked on ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-11-2004
|
|||
|
|||
[Snort-users] Please help me...
Being a pretty new user to snort I have tried my best
and came up with nothing. I looked on the web, the website, the faqs, and anything else I could get my hands on and it didn't work. So here goes, maybe I am just tired and someone can point out my obvious mistake to me. :D (Praying) I recently got 2.0.2 up and running, it refused to enter UDP ports and port scans into the database, after much hair pulling I decided that perhaps a new version would help. (Laughing like a mad man now, LITERALLY) I download, untared, and compiled 2.1.0 with the --with-mysql option. No problem so far. I cp'ed the rules into /etc/snort/rules and changed the config file accordingly. I tried to start snort, the first error message I got was as follows : Jan 11 05:21:41 sc2 snort: FATAL ERROR: /etc/snort/snort.conf(285) => Invalid file name for IIS Unicode Map file. Couldn't find much documentation on this one, it is possible that I can't see anymore from swollen eyes but I swear to you that I could find NOTHING. I figured that one out and fixed on my own. Next (Click) place that one in the exhibit A bag. Thinking I am rocking and rollig along to seccess, I hit another snare that just plain doesn't appear to exist for anyone else in the world. The dredded phrase that I have grown to memorize like one does thier birth date. FATAL ERROR: /etc/snort/rules//bad-traffic.rules(13) => Unknown ClassType: misc-activity I have read until blue in the face and can find nothing, perhaps I missed something key. But if you or anyone you know has any information that could solve this Un-Solved Mystery, please contact me through the list. Joshua McDowell HTTP://GEOCITIES.COM/JOSHMIA2001/ P.S. I am brand new to the list, I am Joshua :D __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
