Bug #7441

open

config/port: Misleading message when port string is too long

Added by Jeff Lucovsky 20 days ago.

Status: New
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort: low
Difficulty: low
Label: Beginner

Description

When the port string values exceed the hard-coded limit of 1024 bytes, parsing halts with a misleading message -- in this case, a missing closing bracket was highlighted as the cause (instead of a range that's too big).

Error: detect: not every port block was properly closed in "[21,22,23,36,80:90,311,323,383,443:444,555,591,593,623,631,664,666,801,808,818,901,972,1158,1194,1212,1220,1270,1414,1422,1533,1581,1719:1720,1741,1801,1812,1830,1942,2231,2301,2375,2381,2484,2578,2809,2869,2980,3000,3029,3037,3057,3128,3323,3443,3507,3702,4000,4343,4444,4848,5000,5054,5117,5222,5250,5416,5443,5450,5480,5555,5601,5814,5894,5984:5986,6060,6080,6173,6610,6767,6988,7000:7001,7005,7070:7071,7080,7144:7145,7180:7181,7510,7770,7777:7779,8000:8001,8008,8014:8015,8020,8028,8040,8060,8080:8082,8085,8088,8090,8095,8118,8123,8161,8180:8182,8222,8243,8280,8300,8333,8344,8393,8400,8443,8484,8500,8509,8511,8694,8787,8800,8848,8852,8880,8888,8899,8983,9000:9002,9050,9060,9080,9090,9091,9111,9200,9201,9290,9443,9447,9502,9700,9710,9788,9830,9850,9990,9999,10000,10080,10100,10250,10255,10297,10443,11371,12601,13014,15489,15672,16000,16992:16995,17000,18081,19980,20000,23472,29991,30007,30018,30888,33300,34412,34443,34444,36099,37215,40007,41080,44449,49152,49153,50000,50002,50452,51423,53331,54444,55252,55555,56712]", 1 missing closing brackets (]). Note: problem might be in a variable. [DetectPortParseDo:detect-engine-port.c:967]
Error: detect: failed to parse port var "HTTP_PORTS" with value "[21,22,23,36,80:90,311,323,383,443:444,555,591,593,623,631,664,666,801,808,818,901,972,1158,1194,1212,1220,1270,1414,1422,1533,1581,1719:1720,1741,1801,1812,1830,1942,2231,2301,2375,2381,2484,2578,2809,2869,2980,3000,3029,3037,3057,3128,3323,3443,3507,3702,4000,4343,4444,4848,5000,5054,5117,5222,5250,5416,5443,5450,5480,5555,5601,5814,5894,5984:5986,6060,6080,6173,6610,6767,6988,7000:7001,7005,7070:7071,7080,7144:7145,7180:7181,7510,7770,7777:7779,8000:8001,8008,8014:8015,8020,8028,8040,8060,8080:8082,8085,8088,8090,8095,8118,8123,8161,8180:8182,8222,8243,8280,8300,8333,8344,8393,8400,8443,8484,8500,8509,8511,8694,8787,8800,8848,8852,8880,8888,8899,8983,9000:9002,9050,9060,9080,9090,9091,9111,9200,9201,9290,9443,9447,9502,9700,9710,9788,9830,9850,9990,9999,10000,10080,10100,10250,10255,10297,10443,11371,12601,13014,15489,15672,16000,16992:16995,17000,18081,19980,20000,23472,29991,30007,30018,30888,33300,34412,34443,34444,36099,37215,40007,41080,44449,49152,49153,50000,50002,50452,51423,53331,54444,55252,55555,56712]". Please check its syntax [DetectPortTestConfVars:detect-engine-port.c:1152]
Error: suricata: basic port vars test failed. Please check suricata.yaml for errors [PostConfLoadedSetup:suricata.c:2758]

Displaying the underlying cause of the error can be easily done as shown:

Error: detect: port range specification is too long; max characters allowed 1024 [DetectPortParseDo:detect-engine-port.c:791]
Error: detect: failed to parse port var "HTTP_PORTS" with value "[21,22,23,36,80:90,311,323,383,443:444,555,591,593,623,631,664,666,801,808,818,901,972,1158,1194,1212,1220,1270,1414,1422,1533,1581,1719:1720,1741,1801,1812,1830,1942,2231,2301,2375,2381,2484,2578,2809,2869,2980,3000,3029,3037,3057,3128,3323,3443,3507,3702,4000,4343,4444,4848,5000,5054,5117,5222,5250,5416,5443,5450,5480,5555,5601,5814,5894,5984:5986,6060,6080,6173,6610,6767,6988,7000:7001,7005,7070:7071,7080,7144:7145,7180:7181,7510,7770,7777:7779,8000:8001,8008,8014:8015,8020,8028,8040,8060,8080:8082,8085,8088,8090,8095,8118,8123,8161,8180:8182,8222,8243,8280,8300,8333,8344,8393,8400,8443,8484,8500,8509,8511,8694,8787,8800,8848,8852,8880,8888,8899,8983,9000:9002,9050,9060,9080,9090,9091,9111,9200,9201,9290,9443,9447,9502,9700,9710,9788,9830,9850,9990,9999,10000,10080,10100,10250,10255,10297,10443,11371,12601,13014,15489,15672,16000,16992:16995,17000,18081,19980,20000,23472,29991,30007,30018,30888,33300,34412,34443,34444,36099,37215,40007,41080,44449,49152,49153,50000,50002,50452,51423,53331,54444,55252,55555,56712]". Please check its syntax [DetectPortTestConfVars:detect-engine-port.c:1157]
Error: suricata: basic port vars test failed. Please check suricata.yaml for errors [PostConfLoadedSetup:suricata.c:2758]
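
The failure mode described above, as an added example that is not Suricata's code or the reporter's patch: a simplified model showing why a length-limited scan reports a missing bracket, and how checking the length first yields the accurate diagnosis. The function names, the enum and the assumption that scanning simply stops at the 1024-byte limit are hypothetical; the input list is constructed.

```c
#include <stdio.h>
#include <string.h>
#define PORT_STR_MAX 1024 /* limit quoted in the report */

enum port_err { PORT_OK, PORT_ERR_TOO_LONG, PORT_ERR_UNBALANCED };

/* Assumed model: scanning stops after `limit` bytes, so a closing
 * bracket past the limit is never counted. */
static int bracket_depth(const char *s, size_t limit)
{
    int depth = 0;
    for (size_t i = 0; s[i] != '\0' && i < limit; i++) {
        if (s[i] == '[') depth++;
        else if (s[i] == ']') depth--;
    }
    return depth;
}

/* Before: truncation surfaces as a bracket error. */
static enum port_err check_before(const char *s)
{
    return bracket_depth(s, PORT_STR_MAX) ? PORT_ERR_UNBALANCED : PORT_OK;
}

/* After: reject oversize input first, then check the brackets. */
static enum port_err check_after(const char *s)
{
    size_t len = strlen(s);
    if (len > PORT_STR_MAX) return PORT_ERR_TOO_LONG;
    return bracket_depth(s, len) ? PORT_ERR_UNBALANCED : PORT_OK;
}

/* Constructed input: "[1,1,...,1]" of odd length len (3..4095). */
static const char *make_list(size_t len)
{
    static char buf[4096];
    if (len < 3 || len >= sizeof(buf)) return "";
    buf[0] = '[';
    for (size_t i = 1; i + 1 < len; i++) buf[i] = (i % 2) ? '1' : ',';
    buf[len - 1] = ']';
    buf[len] = '\0';
    return buf;
}

int main(void)
{
    const char *msg[] = { "ok", "too long (max 1024)", "unclosed port block" };
    printf("before: %s\n", msg[check_before(make_list(1501))]);
    printf("after:  %s\n", msg[check_after(make_list(1501))]);
}
```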
