Mark Sargent powderkeg at ...11462...
Sat Apr 9 02:26:33 EDT 2005

Hi All,

anyone seen this error b4..? I've checked my snort.conf file and 
confirmed that the rules path = /etc/snort/rules,

var RULE_PATH /etc/snort/rules

 and here is the rules dir content,

[root at ...274... snort]# cd /etc/snort
[root at ...274... snort]# ls
classification.config  reference.config  rules  snort.conf  
snort.conf.rpmsave  unicode.map
[root at ...274... snort]# cd rules
[root at ...274... rules]# ls
attack-responses.rules  ftp.rules         mysql.rules      
rservices.rules    web-client.rules
backdoor.rules          icmp-info.rules   netbios.rules    
scan.rules         web-coldfusion.rules
bad-traffic.rules       icmp.rules        nntp.rules       
shellcode.rules    web-frontpage.rules
chat.rules              imap.rules        oracle.rules     
smtp.rules         web-iis.rules
ddos.rules              info.rules        other-ids.rules  
snmp.rules         web-misc.rules
deleted.rules           local.rules       p2p.rules        
sql.rules          web-php.rules
dns.rules               Makefile          policy.rules     
telnet.rules       x11.rules
dos.rules               Makefile.am       pop2.rules       tftp.rules
experimental.rules      Makefile.in       pop3.rules       virus.rules
exploit.rules           misc.rules        porn.rules       web-attacks.rules
finger.rules            multimedia.rules  rpc.rules        web-cgi.rules 

Error given when running the following in the terminal,

[root at ...274... snort]# /usr/local/bin/snort -c /etc/snort/snort.conf -i 
eth0 -g snort

database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name =
database:     sensor id = 1
database: schema version = 106
database: using the "log" facility
ERROR: Undefined variable name: (/etc/snort/rules/bad-traffic.rules:12): 
Fatal Error, Quitting..


Mark Sargent.

