Snort
-
It does not matter i did the update twice and still not start with reboot .
-
@cdx304:
It does not matter i did the update twice and still not start with reboot .
Did you try to re-save you interface settings. That will rebuild your missing files.
James
-
Yes sir i did re-save the settings .
-
What is in the system log?
Any Errors? -
May 27 12:11:59 snort[35715]: [ Number of null byte prefixed patterns trimmed: 19648 ]
May 27 12:11:59 snort[35715]: [ Number of null byte prefixed patterns trimmed: 19648 ]
May 27 12:11:59 snort[35715]:
May 27 12:11:59 snort[35715]:
May 27 12:11:59 snort[35715]: –== Initialization Complete ==--
May 27 12:11:59 snort[35715]: –== Initialization Complete ==--
May 27 12:11:59 snort[35715]: Snort initialization completed successfully (pid=35715)
May 27 12:11:59 snort[35715]: Snort initialization completed successfully (pid=35715)
May 27 12:11:59 snort[35715]: Not Using PCAP_FRAMES
May 27 12:11:59 snort[35715]: Not Using PCAP_FRAMES
May 27 12:11:59 snort[35715]:
May 27 12:11:59 snort[35715]:
May 27 12:11:59 snort[35715]: –== Reloading Snort ==--
May 27 12:11:59 snort[35715]: –== Reloading Snort ==--
May 27 12:11:59 snort[35715]:
May 27 12:11:59 snort[35715]:
May 27 12:11:59 snort[35715]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_9698_fxp0/snort.conf": No such file or directory.
May 27 12:11:59 snort[35715]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_9698_fxp0/snort.conf": No such file or directory.
May 27 12:11:59 kernel: fxp0: promiscuous mode disabled
May 27 12:12:15 dnsmasq[33264]: reading /etc/resolv.conf
May 27 12:12:15 dnsmasq[33264]: using nameserver 208.67.222.222#53
May 27 12:12:15 dnsmasq[33264]: using nameserver 208.67.220.220#53 -
latest log after reboot
May 29 17:49:44 check_reload_status: reloading filter
May 29 17:49:55 check_reload_status: updating dyndns
May 29 17:49:55 snort[32531]:
May 29 17:49:55 snort[32531]:
May 29 17:49:55 snort[32531]: [ Port Based Pattern Matching Memory ]
May 29 17:49:55 snort[32531]: [ Port Based Pattern Matching Memory ]
May 29 17:49:55 snort[32531]: +-[AC-BNFA Search Info Summary]–----------------------------
May 29 17:49:55 snort[32531]: +-[AC-BNFA Search Info Summary]–----------------------------
May 29 17:49:55 snort[32531]: | Instances : 729
May 29 17:49:55 snort[32531]: | Instances : 729
May 29 17:49:55 snort[32531]: | Patterns : 199662
May 29 17:49:55 snort[32531]: | Patterns : 199662
May 29 17:49:55 snort[32531]: | Pattern Chars : 2233499
May 29 17:49:55 snort[32531]: | Pattern Chars : 2233499
May 29 17:49:55 snort[32531]: | Num States : 1586585
May 29 17:49:55 snort[32531]: | Num States : 1586585
May 29 17:49:55 snort[32531]: | Num Match States : 333501
May 29 17:49:55 snort[32531]: | Num Match States : 333501
May 29 17:49:55 snort[32531]: | Memory : 40.93Mbytes
May 29 17:49:55 snort[32531]: | Memory : 40.93Mbytes
May 29 17:49:55 snort[32531]: | Patterns : 6.70M
May 29 17:49:55 snort[32531]: | Patterns : 6.70M
May 29 17:49:55 snort[32531]: | Match Lists : 15.34M
May 29 17:49:55 snort[32531]: | Match Lists : 15.34M
May 29 17:49:55 snort[32531]: | Transitions : 18.72M
May 29 17:49:55 snort[32531]: | Transitions : 18.72M
May 29 17:49:55 snort[32531]: +–-----------------------------------------------
May 29 17:49:55 snort[32531]: +–-----------------------------------------------
May 29 17:49:55 snort[32531]: [ Number of null byte prefixed patterns trimmed: 8347 ]
May 29 17:49:55 snort[32531]: [ Number of null byte prefixed patterns trimmed: 8347 ]
May 29 17:49:55 snort[32531]:
May 29 17:49:55 snort[32531]:
May 29 17:49:55 snort[32531]: –== Initialization Complete ==--
May 29 17:49:55 snort[32531]: –== Initialization Complete ==--
May 29 17:49:55 snort[32531]: Snort initialization completed successfully (pid=32531)
May 29 17:49:55 snort[32531]: Snort initialization completed successfully (pid=32531)
May 29 17:49:55 snort[32531]: Not Using PCAP_FRAMES
May 29 17:49:55 snort[32531]: Not Using PCAP_FRAMES
May 29 17:49:55 snort[32531]:
May 29 17:49:55 snort[32531]:
May 29 17:49:55 snort[32531]: –== Reloading Snort ==--
May 29 17:49:55 snort[32531]: –== Reloading Snort ==--
May 29 17:49:55 snort[32531]:
May 29 17:49:55 snort[32531]:
May 29 17:49:55 snort[32531]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_39431_xl0/snort.conf": No such file or directory.
May 29 17:49:55 snort[32531]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_39431_xl0/snort.conf": No such file or directory.
May 29 17:49:56 kernel: xl0: promiscuous mode disabled
May 29 17:50:55 dnsmasq[32812]: reading /etc/resolv.conf
May 29 17:50:55 dnsmasq[32812]: using nameserver 208.67.222.222#53
May 29 17:50:55 dnsmasq[32812]: using nameserver 208.67.220.220#53 -
If i restart pfsense …..I have to manually start snort it will not otherwise .
-
This may or may not be in the same related problem-field but I've found that with mine I have to disable any 'Emerging' categories and then save. I'll get the same or similar error (no pattern really) of conf not found.
Then enable the emerging threats one at a time until I find one that causes an error so I just leave that one out.
It has happened a few times now, but by the next rule update that particular category (changes which one each time) is fixed - though another might have a problem.
Might try that if you have the problem again and other solutions don't work. IF you use those categories :)
-
I tried that and it does not work .
-
This may or may not be in the same related problem-field but I've found that with mine I have to disable any 'Emerging' categories and then save. I'll get the same or similar error (no pattern really) of conf not found.
Then enable the emerging threats one at a time until I find one that causes an error so I just leave that one out.
It has happened a few times now, but by the next rule update that particular category (changes which one each time) is fixed - though another might have a problem.
Might try that if you have the problem again and other solutions don't work. IF you use those categories :)
Version 1.25 worked fine but the updates would not work .
-
Have you even seen if the file or directory truely exists? If the directory exits but not the file have you tried " touch /usr/local/etc/snort/snort_9698_fxp0/snort.conf" in the shell?
-
Have you even seen if the file or directory truely exists? If the directory exits but not the file have you tried " touch /usr/local/etc/snort/snort_9698_fxp0/snort.conf" in the shell?
g4m3c4ck has a good idea.
I have a few hours this morning to work on this issue.
I'm going to add code to create missing files when a save is executed.James