Snort failure with latest version - Snort pkg v. 2.5.2

  • Snort fails with the following error:

    FATAL ERROR: /usr/local/etc/snort/snort_2472_em0/preproc_rules/sensitive-data.rules(1) Unknown ClassType: sdf

  • True. There are many other issues concerning the preproc - rules… you have to disable some of the rules (especially .so rules) to start it again... I uninstalled the complete package and removed all settings (uncheck in configuration-checkbox) and reinstalled the package. Then loaded the rules, activated all preprocessors and then activated all rules (for testing).. and then it worked.

  • in my case, I just removed the WAN which snort was generating fatal erros for and after I re-added the Interface and reset the rules and categories everything worked back. It's probably some kind of software conflict.

Log in to reply