Snort update broke Snort…...again.......



  • Third time in a row that I've updated Snort when a new version comes out and it fails to start after it updates.

    Here's the error from the log. Any idea what's going on?

    FATAL ERROR: /usr/local/etc/snort/snort_11666_igb0/rules/snort.rules(379) Unknown ClassType: sdf
    

    I did find this link that said to add config classification: sdf,Sensitive Data,2 to the classification.config and I tried it and it didn't work.

    Only rule set I run is emergeing threats open and I haven't touched any settings in the pre processor page.

    Any idea what's causing this?



  • And after F*****g with it for the last half hour I hit the start button in the GUI…...and it's running.......