Will snort turn itself off?

luciferactual

Forgive me in advance:

I'm new at this so.. I installed PFsense and updated it with 'Full-upgrade-1.2.2.', I installed (or added) snort via PFsense and everthing was running fine for a week. I check the PFsense every day before I do any heavy lifting on my machine, today I noticed snort was not running in services, is there any logical reason for this or should I be worried. I did have the box checked for updating snort once a week.

I tried to review the snort logs nothing appeared as blocked, I looked at the firewall logs and from what I could tell it was just my machine connected to PFsense-my-mac-my i.p. I was spooked, so, what I did was restore to the most recent and complete back-up and changed my password. Now everything appears to be running again.

My network is just my machine sitting behind PFsense. running version  1.2.2. I'm not quite sure how to retrieve and post logs at this point or I would have added what I thought to be relevant.

thank you in advance

Blue-Lou

ColdFusion

Snort has gone thru many changes the last week or two..It was just recently updated today. I would re-install snort.

luciferactual

Will do, thanks!

luciferactual

Ok…so I checked today and again snort was not running, (indicated by the red 'X') in the packages list. I did, however, find this entry:

snort[12994]: FATAL ERROR: Dynamic detection lib /usr/local/lib/snort/dynamicrules//lib_sfdynamic_example_rule.so 1.0 isn't compatible with the current dynamic engine library /usr/local/lib/snort/dynamicengine/libsf_engine.so 1.10. The dynamic detection lib is compiled with an older version of the dynamic engine.

Now from what I can understand here is that, again, I'm assuming is that the snort version I'm running is not compatible with my current pfsense build? Which is 1.2.2. with the updates added.  I have not reconfigured the system or made any changes at this point awaiting suggestions or advice.

Thank you in advance.

Lou.

jamesdean

@luciferactual:

Ok…so I checked today and again snort was not running, (indicated by the red 'X') in the packages list. I did, however, find this entry:

snort[12994]: FATAL ERROR: Dynamic detection lib /usr/local/lib/snort/dynamicrules//lib_sfdynamic_example_rule.so 1.0 isn't compatible with the current dynamic engine library /usr/local/lib/snort/dynamicengine/libsf_engine.so 1.10. The dynamic detection lib is compiled with an older version of the dynamic engine.

Now from what I can understand here is that, again, I'm assuming is that the snort version I'm running is not compatible with my current pfsense build? Which is 1.2.2. with the updates added.  I have not reconfigured the system or made any changes at this point awaiting suggestions or advice.

Thank you in advance.

Lou.

type this in the terminal

"rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"

James

luciferactual

James,

While waiting I tried a few things, I updated the firmware with the most current update (jan. 8th) and then I updated the snort rules. Snort said I was using older rules. Everything appeared to go smoothly. I restarted the machine and restarted snort. Everything seams to be working should I still add this line?

"rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"

Thank you.

Lou

jamesdean

@luciferactual:

James,

While waiting I tried a few things, I updated the firmware with the most current update (jan. 8th) and then I updated the snort rules. Snort said I was using older rules. Everything appeared to go smoothly. I restarted the machine and restarted snort. Everything seams to be working should I still add this line?

"rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"

Thank you.

Lou

No..

luciferactual

James,

Copy that. I'll update you if need be.

Thanks

Lou.