[Snort-users] Fatal error when starting snort on the sensor

sekure sekure at ...11827...
Fri Sep 17 11:31:04 EDT 2004


I would look for the word "ports" in your snort.conf.  Discounting all
the comments, there is only one place that I have the word "ports" in
my snort.conf, and that's where I define http_inspect preprocessor.

So go there and make sure that if you commented out http_inspect, you
also commented out everything below it.  Or if it isn't uncommented,
make sure that there is a "\" character at the end of the line
directly above the line starting with "ports"

So, either this:
preprocessor http_inspect_server: server default \
    ports { 80 8080 } 

Or this:
# preprocessor http_inspect_server: server default \
#    ports { 80 8080 } 

NOT THIS:
preprocessor http_inspect_server: server default <--*****BACKSLASH MISSING****
    ports { 80 8080 } 

----- Original Message -----
From: Juan Fernandez <juan.fernandez at ...2210...>
Date: Fri, 17 Sep 2004 21:11:13 +0300
Subject: [Snort-users] Fatal error when starting snort on the sensor
To: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net>




Hi Guys!!    

 

When I start snort manually from the command line /etc/init.d/snort
start I see that snort starts:

 

Starting Intrusion Database System: SNORT

SNORT is up and running!

 

On /var/log/messeges I see:

 

Sep 17 21:02:54 sensjrlan snort: FATAL ERROR:
/etc/snort/snort.conf(458) => Unknown rule type: ports

 

In snort.conf the 458 line is this:

 

output database: alert, mysql, user=snort password=snort dbname=snort
host=208.170.171.199 sensor_name=sensjrlan

 

Mysql and acid are on another server (208.170.171.199) I checked that
I can telnet to port 3306 so what's wrong ?

 

Thanks very much!!!




More information about the Snort-users mailing list