Snort Problems Snap 1-3-2011
-
I just installed the latest snapshot and the content encoding error persists. Also, the Snort package won't start. The system log shows:
Jan 5 09:20:29 SnortStartup[29475]: Snort HARD Reload For 58373_fxp1…
Jan 5 09:20:29 snort[24719]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_58373_fxp1//usr/local/etc/snort/snort_58373_fxp1/rules/snort_attack-responses.rules": No such file or directory.
Jan 5 09:20:29 snort[24719]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_58373_fxp1//usr/local/etc/snort/snort_58373_fxp1/rules/snort_attack-responses.rules": No such file or directory.Is anyone even working on this issue?
-
@nipstech:
I just installed the latest snapshot and the content encoding error persists. Also, the Snort package won't start. The system log shows:
Jan 5 09:20:29 SnortStartup[29475]: Snort HARD Reload For 58373_fxp1…
Jan 5 09:20:29 snort[24719]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_58373_fxp1//usr/local/etc/snort/snort_58373_fxp1/rules/snort_attack-responses.rules": No such file or directory.
Jan 5 09:20:29 snort[24719]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_58373_fxp1//usr/local/etc/snort/snort_58373_fxp1/rules/snort_attack-responses.rules": No such file or directory.Is anyone even working on this issue?
Those errors most of the time indicate your rules need to be downloaded.
Try to force a rules update.
On a different note, with the latest snap can you see the gui? -
I'm using the latest snapshot and the gui shows an "encoding error" (different issue) so I can't even get to the update tab to force an update.
-
@nipstech:
I'm using the latest snapshot and the gui shows an "encoding error" (different issue) so I can't even get to the update tab to force an update.
this thread was started for the gui not showing up in the latest snaps…. ;)
When the issue is resolved, try the update. It seems after a snort package update the rules need to be re-downloaded. Some rules may have been changed/removed and you need to adjust your settings.
If this is not the case, i recommend starting a new thread. (again, when you can see the gui) :) -
as a temporary work around until this is fixed, I opened my config.xml and in the menu section I changed the url for snort from snort_interfaces.php to snort_alerts.php and rebooted. snort_interfaces.php is the only file that this seems to be effecting. Once you actually get into the snort pages, all links work except snort_interfaces.php
-
It worked, thanks!
Hopefully the issue will be fixed soon…Jon
-
confirmed but it's a problem if you can't get into the interfaces to set one up.
-
True…At least the rules can update. I installed the short dashboard widget and I'm not seeing any alerts though, so I assume that none of them are enabled.
-
confirmed but it's a problem if you can't get into the interfaces to set one up.
If you don't already have an interface set up or don't have a backup to restore one from, you can use the snort_interfaces_edit.php page to add one.
-
I just looked at the syslog and snort is working. The dashboard widget is what isn't working.
-
I can edit the interface settings now but still cannot access the interface tab; getting the same content encoding error. It's been about a week since this problem started but it seems like forever and every time I update to a new snapshot I have to spend a lot of time making sure everything is working… getting old but actually worth the time. The price you pay when using a beta version :'(
-
The second snap for today (Mon Jan 10 13:14:45 EST 2011) allows me to see snort_interfaces.php again and all seems to be working as it should.
