Snort failure with latest version - Snort 2.9.2.3 pkg v. 2.5.2
-
Snort fails with the following error:
FATAL ERROR: /usr/local/etc/snort/snort_2472_em0/preproc_rules/sensitive-data.rules(1) Unknown ClassType: sdf
-
True. There are many other issues concerning the preproc - rules… you have to disable some of the rules (especially .so rules) to start it again... I uninstalled the complete package and removed all settings (uncheck in configuration-checkbox) and reinstalled the package. Then loaded the rules, activated all preprocessors and then activated all rules (for testing).. and then it worked.
-
in my case, I just removed the WAN which snort was generating fatal erros for and after I re-added the Interface and reset the rules and categories everything worked back. It's probably some kind of software conflict.