Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Anybody know how to fix this error?

From: "Tommy Cansanay" <toortog () gmail com>
Date: Fri, 12 Sep 2008 16:44:07 -0400
John,
  Thank you for the suggestion. cat -v * (on the rules dir) didn't really
help me much since it gave me a slew of entries that looked normal.

Paul,
   Obviously.. IT IS NOT OBVIOUS since I'm asking for help. I did not assign
the PORTVAR variable with/to "ANY". I do the normal routine of pushing VRT
rules that has worked before and I did not do anything special this time
other than review and uncomment a few rules that the VRT team commented. I
also did NOT modify the snort.conf, which I may add... the same snort.conf
file (that's been working) that I've been using for a while now!

Magic fix... removed previously tar'd dirs, untarred it again, and somehow
it's good to go. Somehow something got corrupted and since doing an egrep
for PORTVAR didn't show squat and I need the stuff to be up, I had to just
redo the procedure and push each categorized rule[s] one at a time (hoping
it will at least point me to a rule that was syntactically incorrect) --
which fortunately it didn't.

Thanks
 Tom

On Fri, Sep 12, 2008 at 4:09 PM, Paul Schmehl <pschmehl_lists () tx rr com>wrote:


--On Friday, September 12, 2008 3:39 PM -0400 Tommy Cansanay <
toortog () gmail com> wrote:



I was updating rules, restarted and got this...

FATAL ERROR: ***Rule--PortVar Parse error: (pos=4,error=not a number)

ANY >>   ^



Anybody run into this? Better yet, how to fix it?



It's pretty obvious, isn't it?  You can't use "ANY" as the value of
PORTVAR.  It must be a number or number, comma or dash separated.

Somewhere in the snort.conf file there is a line with the following:
PORTVAR = ANY

That line is invalid.

Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: