Snort - Network Interface Mismatch
-
Ahh yea well that is what i was looking for. To the path of the config file to remove it. I will try that soon before I reboot to see if it fixes my prob. Thanks.
I was sure my process wasnt needed in its entirety but I didnt know what file on the machine to edit to remove it.This should make it tons easier.
-
when you removed that bogus line did it remove the entry in the interfaces menu? I removed my re0/ and havent rebooted yet but was wondering if it would update the menu. I was using the menu to see if the ghost interface was there before I would reboot.
-
FYI- if you edit the config at the command line, be sure to rm /tmp/config.cache when finished.
If you use the viconfig shortcut, this is handled automatically.
-
I found a case where it might be possible that the interface could be duplicated in certain conditions under snort.
If you could reinstall snort any time after 10:20am EDT today and then try to see if you can replicate the issue again.
-
I found a case where it might be possible that the interface could be duplicated in certain conditions under snort.
If you could reinstall snort any time after 10:20am EDT today and then try to see if you can replicate the issue again.
Excellent I will try that then.@jimp:
FYI- if you edit the config at the command line, be sure to rm /tmp/config.cache when finished.
If you use the viconfig shortcut, this is handled automatically.
I just edited the file via the webgui / edit file area. Can I just browse to the tmp location and delete the cache? Dont have a keyboard hooked up t the system at the moment.
-
Actually I found one more place that is more likely to have caused the problem. Reinstall again if you haven't yet done it.
As for editing via the GUI, you can rm /tmp/config.cache by Diagnostics > Command, and then just edit/save anywhere in the GUI to trigger a filter sync.
-
Actually I found one more place that is more likely to have caused the problem. Reinstall again if you haven't yet done it.
As for editing via the GUI, you can rm /tmp/config.cache by Diagnostics > Command, and then just edit/save anywhere in the GUI to trigger a filter sync.
Ok thanks. I will be able to do this later this evening. I appreciate the quick turn around on this.
-
I just updated the package, and it still has a problem. I deleted the "bad" line in config.xml and removed config.cache, went to snort Global Settings and hit save - at this point config.xml is still ok, I then hit Apply and it adds a bad line.
It's slightly different now, previously it was "<re0>" and now it's "" … but still there.</re0>
-
So at least it seems we're on the right track… :-)
I'll look for any other places where it might be doing anything like that kind of thing.
I made some changes in the base OS as well to see if things there might be affected, might not be in the next snap, but the one after it should have them.
-
OK, Efonne spotted another place that could have done this and I committed a fix and bumped the version of the snort package. Try it again, if you can.
-
OK, Efonne spotted another place that could have done this and I committed a fix and bumped the version of the snort package. Try it again, if you can.
I think you've got it fixed. However:
In testing again, I fixed the config file, removed the config.cache, verified the config was fixed (and even changed/saved a firewall rule to verify the save there didn't have the problem) - now updated to snort package version 1.35. I checked the config at this point and the "" was back again.
I fixed the config again, removed config.cache, and hit the snort Global Settings tab. save, apply … seems to be fixed. I ran around a number of snort menus and the problem didn't recur.
So... just beware you have to fix your config one last time after you update from a "bad" version (1.34).
-
Excellent work everyone! I will keep that in mind once I am able to test it.
-
Your fix on the snort package did the trick. I uninstalled/installed latest version and then attempted same save on the global settings and no more duplicate device. :-)
I didnt have the issue as posted above of having to delete the duplicate again (fixing the config file again)… Mine was good to go and I tried a few times with saving settings and no problems.
Thanks again for the quick fix to this issue!!!