[Snort-users] Duplicate classification
From: Sean Kiewiet (SKiewiet prioritypaymentsystems.com)
Date: Wed Sep 21 2005 - 17:31:14 CDT
OBSD 3.7
SNORT 2.3.3
I'm getting the errors below when I start up snort (on each interface).
I have looked through each of the snort.conf files and I can see that
the classification.config is only defined once:
include classification.config
and that classification.config resides in /etc/snort/
I start snort via rc.local like this:
nohup /usr/local/bin/snort -u sguil -g sguil -l /nsm/em0 -c /etc/snort/em0.snort.conf -U -A none -m 122 -i em0 -D
Any ideas on how to remedy?
What causes this error?
Sean
WARNING /etc/snort/classification.config(169): Duplicate classification
"not-suspicious"found, ignoring this line
WARNING /etc/snort/classification.config(170): Duplicate classification
"unknown"found, ignoring this line
WARNING /etc/snort/classification.config(171): Duplicate classification
"bad-unknown"found, ignoring this line
WARNING /etc/snort/classification.config(172): Duplicate classification
"attempted-recon"found, ignoring this line
WARNING /etc/snort/classification.config(173): Duplicate classification
"successful-recon-limited"found, ignoring this line
WARNING /etc/snort/classification.config(174): Duplicate classification
"successful-recon-largescale"found, ignoring this line
WARNING /etc/snort/classification.config(175): Duplicate classification
"attempted-dos"found, ignoring this line
WARNING /etc/snort/classification.config(176): Duplicate classification
"successful-dos"found, ignoring this line
WARNING /etc/snort/classification.config(177): Duplicate classification
"attempted-user"found, ignoring this line
WARNING /etc/snort/classification.config(178): Duplicate classification
"unsuccessful-user"found, ignoring this line
WARNING /etc/snort/classification.config(179): Duplicate classification
"successful-user"found, ignoring this line
WARNING /etc/snort/classification.config(180): Duplicate classification
"attempted-admin"found, ignoring this line
WARNING /etc/snort/classification.config(181): Duplicate classification
"successful-admin"found, ignoring this line
WARNING /etc/snort/classification.config(185): Duplicate classification
"rpc-portmap-decode"found, ignoring this line
WARNING /etc/snort/classification.config(186): Duplicate classification
"shellcode-detect"found, ignoring this line
WARNING /etc/snort/classification.config(187): Duplicate classification
"string-detect"found, ignoring this line
WARNING /etc/snort/classification.config(188): Duplicate classification
"suspicious-filename-detect"found, ignoring this line
WARNING /etc/snort/classification.config(189): Duplicate classification
"suspicious-login"found, ignoring this line
WARNING /etc/snort/classification.config(190): Duplicate classification
"system-call-detect"found, ignoring this line
WARNING /etc/snort/classification.config(191): Duplicate classification
"tcp-connection"found, ignoring this line
WARNING /etc/snort/classification.config(192): Duplicate classification
"trojan-activity"found, ignoring this line
WARNING /etc/snort/classification.config(193): Duplicate classification
"unusual-client-port-connection"found, ignoring this line
WARNING /etc/snort/classification.config(194): Duplicate classification
"network-scan"found, ignoring this line
WARNING /etc/snort/classification.config(195): Duplicate classification
"denial-of-service"found, ignoring this line
WARNING /etc/snort/classification.config(196): Duplicate classification
"non-standard-protocol"found, ignoring this line
WARNING /etc/snort/classification.config(197): Duplicate classification
"protocol-command-decode"found, ignoring this line
WARNING /etc/snort/classification.config(198): Duplicate classification
"web-application-activity"found, ignoring this line
WARNING /etc/snort/classification.config(199): Duplicate classification
"web-application-attack"found, ignoring this line
WARNING /etc/snort/classification.config(200): Duplicate classification
"misc-activity"found, ignoring this line
WARNING /etc/snort/classification.config(201): Duplicate classification
"misc-attack"found, ignoring this line
WARNING /etc/snort/classification.config(202): Duplicate classification
"icmp-event"found, ignoring this line
WARNING /etc/snort/classification.config(203): Duplicate classification
"kickass-porn"found, ignoring this line
WARNING /etc/snort/classification.config(204): Duplicate classification
"policy-violation"found, ignoring this line
WARNING /etc/snort/classification.config(205): Duplicate classification
"default-login-attempt"found, ignoring this line
Opened spool file '/nsm/em1/today/em1.snort.log.1127343619'
OpSguil_Start
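
An added example, not part of the original post: one way to locate where each classification name gets defined a second time, by reading a Snort 2.x config in order and following its include lines. It assumes the "config classification: name,description,priority" and "include <file>" syntax and that relative includes resolve against the including file's directory; the sample files in demo() are constructed.

```python
import os
import re
import tempfile

CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,\s]+)\s*,")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")

def walk(conf_path, seen, dups, depth=0):
    """Read conf_path top to bottom, descending into include lines."""
    if depth > 16:  # guard against a file that includes itself
        return
    base = os.path.dirname(conf_path)
    with open(conf_path) as fh:
        for lineno, line in enumerate(fh, 1):
            m = CLASS_RE.match(line)
            if m:
                name, here = m.group(1), (conf_path, lineno)
                if name in seen:
                    dups.append((name, seen[name], here))
                else:
                    seen[name] = here
                continue
            m = INCLUDE_RE.match(line)
            if m:
                # Assumption: relative includes resolve against this file's
                # directory; $VAR paths and missing files are skipped.
                path = os.path.join(base, m.group(1))
                if os.path.isfile(path):
                    walk(path, seen, dups, depth + 1)

def find_duplicates(conf_path):
    """Return (name, first_definition, repeat) with (file, line) locations."""
    seen, dups = {}, []
    walk(conf_path, seen, dups)
    return dups

def demo():
    # Constructed sample files; not the poster's configuration.
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "classification.config"), "w") as fh:
        fh.write("# comment\n"
                 "config classification: not-suspicious,Not Suspicious Traffic,3\n"
                 "config classification: unknown,Unknown Traffic,3\n"
                 "config classification: unknown,Unknown Traffic,3\n")
    conf = os.path.join(d, "em0.snort.conf")
    with open(conf, "w") as fh:
        fh.write("include classification.config\n" * 2)
    return [(n, first[1], again[1]) for n, first, again in find_duplicates(conf)]

if __name__ == "__main__":
    for name, first, again in demo():
        print(f"{name}: first at line {first}, again at line {again}")
```

In the output, a repeat reported at the same line as the first definition means the file was read twice; a repeat at a different line means the name appears twice within the files themselves.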