[Snort-users] FATAL ERROR: /usr/local/etc/snort.conf(45) Unknown rule type: ipvar.

Eoin Miller eoin.miller at ...14586...
Mon Aug 15 17:56:34 EDT 2011


On 8/15/2011 9:15 PM, alexus wrote:
> I'm trying to run snort-2.9.0.5 and in my logs I'm getting following
> messages:
> 
> Aug 15 21:10:07 dd snort[71312]: Running in IDS mode Aug 15 21:10:07
> dd snort[71312]: Aug 15 21:10:07 dd snort[71312]:         --==
> Initializing Snort ==-- Aug 15 21:10:07 dd snort[71312]: Initializing
> Output Plugins! Aug 15 21:10:07 dd snort[71312]: Initializing
> Preprocessors! Aug 15 21:10:07 dd snort[71312]: Initializing
> Plug-ins! Aug 15 21:10:07 dd snort[71312]: Parsing Rules file
> "/usr/local/etc/snort.conf" Aug 15 21:10:07 dd snort[71312]: FATAL
> ERROR: /usr/local/etc/snort.conf(45) Unknown rule type: ipvar.
> 
> line 45 of /usr/local/etc/snort.conf states:
> 
> ipvar HOME_NET [64.237.55.65/27]
> 
> I dont understand why it's complaining ...
> 

I only use the braces when providing a comma separated list. Maybe just
try it without the braces:

ipvar HOME_NET  64.237.55.65/27

It shouldn't really matter, but maybe Snort is expecting a list and not
getting one so that is causing the parsing of the conf to fail. Post the
contents of a few lines before your HOME_NET is defined as well
if you could.

-- Eoin




More information about the Snort-users mailing list