Snort, problem with startup services
-
simby
Sorry, this is all my fault.
There is a bug in snort-dev, rule files are not being copied over after updates.
Rules are only being copied after interface creation.
Fix
Manually copy "cp /usr/local/etc/snort/rules/* /usr/local/etc/snort/snort_myinterface/rules"
or
Delete all your interfaces.
Update your rules.
Create your interfaces.
Merry Christmas
James
-
Thanks, fixed now. Do I need to do this on every update of snort rules?
-
Now I have this problem:
Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so… ERROR: Failed to load /usr/local/lib/snort_dynamicengine/libsf_engine.so: Cannot open "/usr/local/lib/snort_dynamicengine/libsf_engine.so"
Fatal Error, Quitting..
-
Reinstall the snort-dev package. I added code today.
Follow my changes at https://rcs.pfsense.org/users/robiscool
James
-
Thanks!!! & for link :)
-
pfsense 1.2.3-RELEASE
snort-dev 2.8.4.1_7 pkg v. 1.8
short Rules tab error:
please work
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_rules.php:390) in /usr/local/www/guiconfig.inc on line 35
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_rules.php:390) in /usr/local/www/guiconfig.inc on line 36
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_rules.php:390) in /usr/local/www/guiconfig.inc on line 37
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_rules.php:390) in /usr/local/www/guiconfig.inc on line 38
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_rules.php:390) in /usr/local/www/guiconfig.inc on line 39
can't save/apply enable new rules
snort to dashboard gives 404 - Not Found
-
Updated code…...
Am all done with snort_blocked.php and snort_alerts.php.
snort_rules.php is too slow.
I'm adding code to make it faster.
James
-
On alerts blocked we have this error:
Warning: array_unique(): The argument should be an array in /usr/local/www/snort/snort_blocked.php on line 345
Warning: Invalid argument supplied for foreach() in /usr/local/www/snort/snort_blocked.php on line 350
;)
-
I have just tested and the code works.
Do you have the latest code?
Do you have alerts that are not blocked?
James
-
Yes, I have the last code from today… I will add a picture for you later.
-
Picture,… can you please fix this log reporting to fix the new theme :)
-
Updated code to deal with corrupted alerts file, said error should be fixed now.
Now I'm working on snort_rules.php trying to make it faster.
James
-
snort-dev 2.8.4.1_7 pkg v. 1.8
PROTO:255 (portscan) UDP Filtered Portsweep Prep x.x.x.x empty -> x.x.x.x empty 122:23:0 01/03-16:46:06
What snort rule triggers the alert above?
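
An added example, not part of the original thread or the snort-dev package: the field just before the timestamp in the alert row above is gid:sid:rev, and generator ID 122 is the Snort 2.x portscan preprocessor, so the event is not defined by a line in a .rules file. The code parses the pasted row and looks it up in a constructed excerpt written in the gen-msg.map layout; the function names and the excerpt are assumptions made for illustration.

```python
import re

# Constructed sample in the "gid || sid || message" layout of Snort 2.x's
# gen-msg.map, which names alerts raised by decoders and preprocessors.
GEN_MSG_MAP = """\
# constructed excerpt, not copied from an installed file
122 || 19 || portscan: UDP Portsweep
122 || 23 || portscan: UDP Filtered Portsweep
"""

# Alert row as pasted in the thread (addresses already masked there).
ALERT = ("PROTO:255 (portscan) UDP Filtered Portsweep Prep x.x.x.x empty -> "
         "x.x.x.x empty 122:23:0 01/03-16:46:06")

# gid:sid:rev must be followed by the MM/DD-HH:MM:SS stamp; a bare
# digits:digits:digits pattern would also match the time "16:46:06".
ALERT_ID = re.compile(
    r"(?<!\S)(\d+):(\d+):(\d+)\s+(\d{2}/\d{2}-\d{2}:\d{2}:\d{2})\s*$")


def load_gen_map(text):
    """Return {(gid, sid): message} from gen-msg.map style text."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("||")]
        if len(parts) >= 3 and parts[0].isdigit() and parts[1].isdigit():
            table[(int(parts[0]), int(parts[1]))] = parts[2]
    return table


def explain_alert(row, gen_map):
    """Split out gid:sid:rev and say where that alert is defined."""
    m = ALERT_ID.search(row)
    if m is None:
        raise ValueError("no gid:sid:rev field before the timestamp")
    gid, sid, rev = (int(m.group(i)) for i in (1, 2, 3))
    if gid == 1:
        origin = "text rule: look for sid:%d in the .rules files" % sid
    elif gid == 3:
        origin = "shared object rule"
    else:
        msg = gen_map.get((gid, sid), "not in the supplied map")
        origin = "decoder/preprocessor event: " + msg
    return {"gid": gid, "sid": sid, "rev": rev,
            "time": m.group(4), "origin": origin}
```

Calling `explain_alert(ALERT, load_gen_map(GEN_MSG_MAP))` reports the row as a preprocessor event, which is why tuning it means changing the portscan preprocessor settings, not enabling or disabling a rule.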