Re: FATAL ERROR: /usr/local/etc/snort.conf(45) Unknown rule type: ipvar.

[Eoin Miller <eoin.miller () trojanedbinaries com>]

On 8/15/2011 9:15 PM, alexus wrote:
> I'm trying to run snort-2.9.0.5 and in my logs I'm getting following
> messages:
>
> Aug 15 21:10:07 dd snort[71312]: Running in IDS mode Aug 15 21:10:07
> dd snort[71312]: Aug 15 21:10:07 dd snort[71312]:         --==
> Initializing Snort ==-- Aug 15 21:10:07 dd snort[71312]: Initializing
> Output Plugins! Aug 15 21:10:07 dd snort[71312]: Initializing
> Preprocessors! Aug 15 21:10:07 dd snort[71312]: Initializing
> Plug-ins! Aug 15 21:10:07 dd snort[71312]: Parsing Rules file
> "/usr/local/etc/snort.conf" Aug 15 21:10:07 dd snort[71312]: FATAL
> ERROR: /usr/local/etc/snort.conf(45) Unknown rule type: ipvar.
>
> line 45 of /usr/local/etc/snort.conf states:
>
> ipvar HOME_NET [64.237.55.65/27]
>
> I dont understand why it's complaining ...

I only use the braces when providing a comma separated list. Maybe just
try it without the braces:

ipvar HOME_NET  64.237.55.65/27

It shouldn't really matter, but maybe Snort is expecting a list and not
getting one so that is causing the parsing of the conf to fail. Post the
contents of a few lines before your HOME_NET is defined as well
if you could.

-- Eoin

------------------------------------------------------------------------------
uberSVN's rich system and user administration capabilities and model 
configuration take the hassle out of deploying and managing Subversion and 
the tools developers use with it. Learn more about uberSVN and get a free 
download at:  http://p.sf.net/sfu/wandisco-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation