Snort package on 64 doesn't work
-
I am not able to get snort to start. I also unchecked my block offender and re-checked it, and it did not work. I also deleted the interface in snort and recreated it, and that did not work either. I am running the AMD64 version; does anyone else have any more tips to fix this?
-
> I am not able to get snort to start. I also unchecked my block offender and re-checked it, and it did not work. I also deleted the interface in snort and recreated it, and that did not work either. I am running the AMD64 version; does anyone else have any more tips to fix this?
SSH into pfsense and run:
/usr/local/bin/snort -u snort -g snort -v -l /var/log/snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_<number>_<interface>/snort.conf -i <interface>
The error(s) should appear
-
I ran your command "/usr/local/bin/snort -u snort -g snort -v -l /var/log/snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_61267_re0/snort.conf -i re0" and I received the error message below:
/libexec/ld-elf.so.1: Shared object "libpcap.so.1" not found, required by "snort"
-
> I ran your command "/usr/local/bin/snort -u snort -g snort -v -l /var/log/snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_61267_re0/snort.conf -i re0" and I received the error message below:
> /libexec/ld-elf.so.1: Shared object "libpcap.so.1" not found, required by "snort"
Make sure /usr/lib/libpcap.so is there, then run:
ln -s /usr/lib/libpcap.so /usr/lib/libpcap.so.1
And try again
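
Added example, not part of any post in this thread: a small sh script that lists every shared object the runtime linker cannot resolve for a binary (the `libpcap.so.1` error above) and shows which same-named libraries with another version suffix exist, so you can see what a symlink would actually point at. The function names, the sample `ldd` output and `libpcap.so.8` are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): find unresolved shared objects.

# Read `ldd` output on stdin; print the name of each library not found.
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Print files in directory $2 that share the unversioned base name of $1,
# e.g. libpcap.so.1 -> libpcap.so, libpcap.so.8 (constructed names).
candidates() {
    base=${1%%.so*}.so
    for f in "$2"/"$base" "$2"/"$base".*; do
        [ -e "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Constructed sample of ldd output for a binary with one missing library.
SAMPLE_LDD='/usr/local/bin/snort:
    libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x800a00000)
    libpcap.so.1 => not found (0)
    libc.so.7 => /lib/libc.so.7 (0x800c00000)'

# usage: check_binary /usr/local/bin/snort [libdir]
check_binary() {
    ldd "$1" 2>&1 | missing_libs | while read -r lib; do
        echo "missing: $lib"
        candidates "$lib" "${2:-/usr/lib}" | sed 's/^/  candidate: /'
    done
}

# With an argument, inspect that binary; otherwise parse the sample.
if [ $# -gt 0 ]; then
    check_binary "$@"
else
    printf '%s\n' "$SAMPLE_LDD" | missing_libs
fi
```

A listed candidate is only a file to inspect; a different version suffix usually signals an ABI change, so confirm the package runs correctly after linking.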
-
Thx, linking both files worked. I just had to turn off block offender and restart, and it worked. Thx again for your help.
-
I have one more question: when I enable block offenders, snort does not work, and when I disable it, snort works. I found the link below saying that the snort package is missing some kind of spoink code?
http://redmine.pfsense.org/issues/1753
-
>> I ran your command "/usr/local/bin/snort -u snort -g snort -v -l /var/log/snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_61267_re0/snort.conf -i re0" and I received the error message below:
>> /libexec/ld-elf.so.1: Shared object "libpcap.so.1" not found, required by "snort"
> Make sure /usr/lib/libpcap.so is there, then run:
> ln -s /usr/lib/libpcap.so /usr/lib/libpcap.so.1
> And try again
Can't thank you enough! Snort is working again after so long, such an easy fix!
-
It seems a bit weird: snort is running but I am not receiving any alerts.
-
Are your preprocessors turned on? Go to https://www.grc.com/x/ne.dll?bh0bkyd2 to test snort… you should get a scan alert.
-
Yes, all options are turned on for preprocessors, and I did an all-port scan on the site below and no alerts.
-
I have no idea ??? It worked for me last weekend… Are you running 2.0RC3 or 2.1-Dev?
-
I am running 2.0rc3 64bit
-
> I have one more question: when I enable block offenders, snort does not work, and when I disable it, snort works. I found the link below saying that the snort package is missing some kind of spoink code?
> http://redmine.pfsense.org/issues/1753
spoink is an OpenBSD output plugin that adds the offending host to the block list in snort. I was always under the impression that pfsense used snort2c to do that job. Seems I was wrong.
-
> I am running 2.0rc3 64bit
I'll have to start a VM for 2.0rc3… I tried 2.1 Dev last weekend and it worked for me
-
>> I am running 2.0rc3 64bit
> I'll have to start a VM for 2.0rc3… I tried 2.1 Dev last weekend and it worked for me
Running 2.0-RC3 (amd64) built on Sat Aug 6 23:18:46 EDT 2011. Checked "Send alerts to main System logs". I'm getting alerts within the Alerts tab as well as the main system logs.
-
@Ibor:
>>> I am running 2.0rc3 64bit
>> I'll have to start a VM for 2.0rc3… I tried 2.1 Dev last weekend and it worked for me
> Running 2.0-RC3 (amd64) built on Sat Aug 6 23:18:46 EDT 2011. Checked "Send alerts to main System logs". I'm getting alerts within the Alerts tab as well as the main system logs.
So it is working on 2.0RC3..Good to know
-
Can a couple more folks confirm Snort works on the latest amd64 2.0 RC3 snapshots? I tried it earlier this week and it was not working. Had done clean installs a few times but was never successful in getting Snort running. Now on 32-bit 2.0 RC3 as Snort is kinda broken even on 1.2.3 with Snort.org rules not updating. Not a happy camper !!
-
> Can a couple more folks confirm Snort works on the latest amd64 2.0 RC3 snapshots? I tried it earlier this week and it was not working. Had done clean installs a few times but was never successful in getting Snort running. Now on 32-bit 2.0 RC3 as Snort is kinda broken even on 1.2.3 with Snort.org rules not updating. Not a happy camper !!
It works on 2.0RC3 i386… 2 bugs that I know of: Barnyard2, and you can't clear the alerts but you can clear the block list... There are posts for a workaround on barnyard2.
-
amd64?
-
> @Ibor:
>>>> I am running 2.0rc3 64bit
>>> I'll have to start a VM for 2.0rc3… I tried 2.1 Dev last weekend and it worked for me
>> Running 2.0-RC3 (amd64) built on Sat Aug 6 23:18:46 EDT 2011. Checked "Send alerts to main System logs". I'm getting alerts within the Alerts tab as well as the main system logs.
> So it is working on 2.0RC3..Good to know
BUT only after entering/executing the following code!! Without it, Snort will not work!
ln -s /usr/lib/libpcap.so /usr/lib/libpcap.so.1