[Snort-users] Fatal error when starting snort on the sensor

Matt Kettler mkettler at ...4108...
Fri Sep 17 13:16:24 EDT 2004


At 02:11 PM 9/17/2004, Juan Fernandez wrote:
>Sep 17 21:02:54 sensjrlan snort: FATAL ERROR: /etc/snort/snort.conf(458) 
>=> Unknown rule type: ports
>
>In snort.conf the 458 line is this:
>
>output database: alert, mysql, user=snort password=snort dbname=snort 
>host=208.170.171.199 sensor_name=sensjrlan

I suspect snort's parser is a bit confused, so I doubt the error reported 
is on that line. After all, it doesn't contain the word "ports" nor any 
variables which could expand to contain ports.

Check around for lines that begin with ports in your snort.conf, but treat 
the line number provided by snort as inaccurate.

Try this for starters:
         grep ports snort.conf
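
An added example, not part of the original message and not Snort's own code: a POSIX shell function that performs the suggested search with real line numbers, reporting only lines whose first token is "ports" and that are not backslash continuations of the previous line. The names find_stray_token and sample_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# find_stray_token FILE [TOKEN]
# Print "N: line" for every line that starts a new directive with TOKEN
# (default "ports"), preceded by "M- line" for the last non-blank line
# before it. Lines joined to the previous one by a trailing backslash are
# part of that directive and are skipped. Exit status 0 if anything matched.
find_stray_token() {
    awk -v tok="${2:-ports}" '
    {
        line = $0
        sub(/\r$/, "", line)              # tolerate DOS line endings
        first = line
        sub(/^[ \t]+/, "", first)         # strip leading whitespace
        sub(/[ \t].*$/, "", first)        # keep only the first token
        if (!continued && first == tok) {
            if (prev_nr) printf "%d- %s\n", prev_nr, prev
            printf "%d: %s\n", NR, line
            hits++
        }
        continued = (line ~ /\\$/)        # does this line continue onto the next?
        if (line !~ /^[ \t]*$/) { prev = line; prev_nr = NR }
    }
    END { exit (hits ? 0 : 1) }
    ' "$1"
}

# Constructed sample configuration (not the poster's file). Line 4 is a
# proper continuation; line 7 is missing the backslash on line 6.
sample_conf() {
cat <<'EOF'
var HOME_NET any
preprocessor http_inspect_server: server default \
    profile all \
    ports { 80 8080 }
preprocessor rpc_decode: 111 32771
preprocessor http_inspect_server: server 10.0.0.5 profile all
    ports { 8000 }
output alert_syslog: LOG_AUTH LOG_ALERT
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
find_stray_token "$tmp"
rm -f "$tmp"
```

Run against the real file as: find_stray_token /etc/snort/snort.conf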