Netgate Discussion Forum

    Snort: Failing messages - FATAL ERROR: Failed to Lock PID

    pfSense Packages
    7 Posts 3 Posters 2.8k Views

      mentalhemroids

      I just tried to install snort last night and noticed it started up fine, but I had to make several changes to settings to get it to start. It's running on current version 2.0-RC3 (i386) built on Sat Aug 20 13:09:49 EDT 2011, but I'm not getting anything in the alerts and have played with the settings several ways to see if I can get different results. So far it hasn't made a difference. I even installed it on another machine with the same version snapshot and same settings, other than oink code. I don't know if anyone else is having this problem, but any help is appreciated.

        mentalhemroids

        snort logs if anyone's interested -

        Aug 21 15:34:28 SnortStartup[17541]: Snort HARD Reload For 9713_bge1…
        Aug 21 15:34:28 snort[17358]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge19713.pid" for PID "17358"
        Aug 21 15:34:28 snort[17358]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge19713.pid" for PID "17358"
        Aug 21 15:34:28 snort[17358]: PID path stat checked out ok, PID path set to /var/log/snort/run
        Aug 21 15:34:28 snort[17358]: PID path stat checked out ok, PID path set to /var/log/snort/run
        Aug 21 15:34:28 snort[17358]: Checking PID path…
        Aug 21 15:34:28 snort[17358]: Checking PID path…
        Aug 21 15:34:28 snort[17189]: Daemon parent exiting
        Aug 21 15:34:28 snort[17189]: Daemon parent exiting
        Aug 21 15:34:28 snort[17358]: Daemon initialized, signaled parent pid: 17189
        Aug 21 15:34:28 snort[17358]: Daemon initialized, signaled parent pid: 17189
        Aug 21 15:34:28 snort[17189]: Initializing daemon mode
        Aug 21 15:34:28 snort[17189]: Initializing daemon mode
        Aug 21 15:34:28 snort[17189]: Initializing Network Interface bge1
        Aug 21 15:34:28 snort[17189]: Initializing Network Interface bge1
        Aug 21 15:34:28 snort[17189]: Verifying Preprocessor Configurations!
        Aug 21 15:34:28 snort[17189]: Verifying Preprocessor Configurations!
        Aug 21 15:34:28 snort[17189]: Rule application order: activation->dynamic->pass->drop->alert->log
        Aug 21 15:34:28 snort[17189]: Rule application order: activation->dynamic->pass->drop->alert->log
        Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
        Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
        Aug 21 15:34:28 snort[17189]: | none
        Aug 21 15:34:28 snort[17189]: | none
        Aug 21 15:34:28 snort[17189]: +-----------------------[suppression]------------------------------------------
        Aug 21 15:34:28 snort[17189]: +-----------------------[suppression]------------------------------------------
        Aug 21 15:34:28 snort[17189]: | none
        Aug 21 15:34:28 snort[17189]: | none
        Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-local]-----------------------------------
        Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-local]-----------------------------------
        Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-global]----------------------------------
        Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-global]----------------------------------
        Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
        Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
        Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-config]----------------------------------
        Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-config]----------------------------------
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
        Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
        Aug 21 15:34:28 snort[17189]: | none
        Aug 21 15:34:28 snort[17189]: | none
        Aug 21 15:34:28 snort[17189]: +-----------------------[rate-filter-rules]------------------------------------
        Aug 21 15:34:28 snort[17189]: +-----------------------[rate-filter-rules]------------------------------------
        Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
        Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
        Aug 21 15:34:28 snort[17189]: +-----------------------[rate-filter-config]-----------------------------------
        Aug 21 15:34:28 snort[17189]: +-----------------------[rate-filter-config]-----------------------------------
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
        Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
        Aug 21 15:34:28 snort[17189]: | none
        Aug 21 15:34:28 snort[17189]: | none
        Aug 21 15:34:28 snort[17189]: +-----------------------[detection-filter-rules]-------------------------------
        Aug 21 15:34:28 snort[17189]: +-----------------------[detection-filter-rules]-------------------------------
        Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
        Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
        Aug 21 15:34:28 snort[17189]: +-----------------------[detection-filter-config]------------------------------
        Aug 21 15:34:28 snort[17189]: +-----------------------[detection-filter-config]------------------------------
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: +----------------------------------------------------------------------------
        Aug 21 15:34:28 snort[17189]: +----------------------------------------------------------------------------
        Aug 21 15:34:28 snort[17189]: | s+d 0 0 0 0
        Aug 21 15:34:28 snort[17189]: | s+d 0 0 0 0
        Aug 21 15:34:28 snort[17189]: | nc 0 0 0 0
        Aug 21 15:34:28 snort[17189]: | nc 0 0 0 0
        Aug 21 15:34:28 snort[17189]: | any 0 0 0 0
        Aug 21 15:34:28 snort[17189]: | any 0 0 0 0
        Aug 21 15:34:28 snort[17189]: | dst 0 0 0 0
        Aug 21 15:34:28 snort[17189]: | dst 0 0 0 0
        Aug 21 15:34:28 snort[17189]: | src 0 0 0 0
        Aug 21 15:34:28 snort[17189]: | src 0 0 0 0
        Aug 21 15:34:28 snort[17189]: | tcp udp icmp ip
        Aug 21 15:34:28 snort[17189]: | tcp udp icmp ip
        Aug 21 15:34:28 snort[17189]: +-------------------[Rule Port Counts]---------------------------------------
        Aug 21 15:34:28 snort[17189]: +-------------------[Rule Port Counts]---------------------------------------
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: +++++++++++++++++++++++++++++++++++++++++++++++++++
        Aug 21 15:34:28 snort[17189]: +++++++++++++++++++++++++++++++++++++++++++++++++++
        Aug 21 15:34:28 snort[17189]: 0 Dynamic rules
        Aug 21 15:34:28 snort[17189]: 0 Dynamic rules
        Aug 21 15:34:28 snort[17189]: 0 Option Chains linked into 0 Chain Headers
        Aug 21 15:34:28 snort[17189]: 0 Option Chains linked into 0 Chain Headers
        Aug 21 15:34:28 snort[17189]: 0 preprocessor rules
        Aug 21 15:34:28 snort[17189]: 0 preprocessor rules
        Aug 21 15:34:28 snort[17189]: 0 decoder rules
        Aug 21 15:34:28 snort[17189]: 0 decoder rules
        Aug 21 15:34:28 snort[17189]: 0 detection rules
        Aug 21 15:34:28 snort[17189]: 0 detection rules
        Aug 21 15:34:28 snort[17189]: 0 Snort rules read
        Aug 21 15:34:28 snort[17189]: 0 Snort rules read
        Aug 21 15:34:28 snort[17189]: Initializing rule chains…
        Aug 21 15:34:28 snort[17189]: Initializing rule chains…
        Aug 21 15:34:28 snort[17189]: +++++++++++++++++++++++++++++++++++++++++++++++++++
        Aug 21 15:34:28 snort[17189]: +++++++++++++++++++++++++++++++++++++++++++++++++++
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: Server side data is trusted
        Aug 21 15:34:28 snort[17189]: Server side data is trusted
        Aug 21 15:34:28 snort[17189]: 1194
        Aug 21 15:34:28 snort[17189]: 1194
        Aug 21 15:34:28 snort[17189]: 990 992 993 994 995
        Aug 21 15:34:28 snort[17189]: 990 992 993 994 995
        Aug 21 15:34:28 snort[17189]: 443 465 563 636 989
        Aug 21 15:34:28 snort[17189]: 443 465 563 636 989
        Aug 21 15:34:28 snort[17189]: Ports:
        Aug 21 15:34:28 snort[17189]: Ports:
        Aug 21 15:34:28 snort[17189]: Encrypted packets: not inspected
        Aug 21 15:34:28 snort[17189]: Encrypted packets: not inspected
        Aug 21 15:34:28 snort[17189]: SSLPP config:
        Aug 21 15:34:28 snort[17189]: SSLPP config:
        Aug 21 15:34:28 snort[17189]: Maximum SMB command chaining: 3 commands
        Aug 21 15:34:28 snort[17189]: Maximum SMB command chaining: 3 commands
        Aug 21 15:34:28 snort[17189]: RPC over HTTP proxy: None
        Aug 21 15:34:28 snort[17189]: RPC over HTTP proxy: None
        Aug 21 15:34:28 snort[17189]: RPC over HTTP server: 1025-65535
        Aug 21 15:34:28 snort[17189]: RPC over HTTP server: 1025-65535
        Aug 21 15:34:28 snort[17189]: UDP: 1025-65535
        Aug 21 15:34:28 snort[17189]: UDP: 1025-65535
        Aug 21 15:34:28 snort[17189]: TCP: 1025-65535
        Aug 21 15:34:28 snort[17189]: TCP: 1025-65535
        Aug 21 15:34:28 snort[17189]: SMB: None
        Aug 21 15:34:28 snort[17189]: SMB: None
        Aug 21 15:34:28 snort[17189]: Autodetect ports
        Aug 21 15:34:28 snort[17189]: Autodetect ports
        Aug 21 15:34:28 snort[17189]: RPC over HTTP proxy: None
        Aug 21 15:34:28 snort[17189]: RPC over HTTP proxy: None
        Aug 21 15:34:28 snort[17189]: RPC over HTTP server: 593
        Aug 21 15:34:28 snort[17189]: RPC over HTTP server: 593
        Aug 21 15:34:28 snort[17189]: UDP: 135
        Aug 21 15:34:28 snort[17189]: UDP: 135
        Aug 21 15:34:28 snort[17189]: TCP: 135
        Aug 21 15:34:28 snort[17189]: TCP: 135
        Aug 21 15:34:28 snort[17189]: SMB: 139 445
        Aug 21 15:34:28 snort[17189]: SMB: 139 445
        Aug 21 15:34:28 snort[17189]: Detect ports
        Aug 21 15:34:28 snort[17189]: Detect ports
        Aug 21 15:34:28 snort[17189]: Policy: WinXP
        Aug 21 15:34:28 snort[17189]: Policy: WinXP
        Aug 21 15:34:28 snort[17189]: Server Default Configuration
        Aug 21 15:34:28 snort[17189]: Server Default Configuration
        Aug 21 15:34:28 snort[17189]: Events: smb co cl
        Aug 21 15:34:28 snort[17189]: Events: smb co cl
        Aug 21 15:34:28 snort[17189]: Memcap: 102400 KB
        Aug 21 15:34:28 snort[17189]: Memcap: 102400 KB
        Aug 21 15:34:28 snort[17189]: DCE/RPC Defragmentation: Enabled
        Aug 21 15:34:28 snort[17189]: DCE/RPC Defragmentation: Enabled
        Aug 21 15:34:28 snort[17189]: Global Configuration
        Aug 21 15:34:28 snort[17189]: Global Configuration
        Aug 21 15:34:28 snort[17189]: DCE/RPC 2 Preprocessor Configuration
        Aug 21 15:34:28 snort[17189]: DCE/RPC 2 Preprocessor Configuration
        Aug 21 15:34:28 snort[17189]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
        Aug 21 15:34:28 snort[17189]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
        Aug 21 15:34:28 snort[17189]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
        Aug 21 15:34:28 snort[17189]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
        Aug 21 15:34:28 snort[17189]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
        Aug 21 15:34:28 snort[17189]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
        Aug 21 15:34:28 snort[17189]: IIS Delimiter: YES alert: NO
        Aug 21 15:34:28 snort[17189]: IIS Delimiter: YES alert: NO
        Aug 21 15:34:28 snort[17189]: Apache WhiteSpace: YES alert: NO
        Aug 21 15:34:28 snort[17189]: Apache WhiteSpace: YES alert: NO
        Aug 21 15:34:28 snort[17189]: Web Root Traversal: YES alert: YES
        Aug 21 15:34:28 snort[17189]: Web Root Traversal: YES alert: YES
        Aug 21 15:34:28 snort[17189]: Directory Traversal: YES alert: NO
        Aug 21 15:34:28 snort[17189]: Directory Traversal: YES alert: NO
        Aug 21 15:34:28 snort[17189]: IIS Backslash: YES alert: NO
        Aug 21 15:34:28 snort[17189]: IIS Backslash: YES alert: NO
        Aug 21 15:34:28 snort[17189]: Multiple Slash: YES alert: NO
        Aug 21 15:34:28 snort[17189]: Multiple Slash: YES alert: NO
        Aug 21 15:34:28 snort[17189]: IIS Unicode: YES alert: NO
        Aug 21 15:34:28 snort[17189]: IIS Unicode: YES alert: NO
        Aug 21 15:34:28 snort[17189]: UTF 8: YES alert: NO
        Aug 21 15:34:28 snort[17189]: UTF 8: YES alert: NO
        Aug 21 15:34:28 snort[17189]: Base36: OFF
        Aug 21 15:34:28 snort[17189]: Base36: OFF
        Aug 21 15:34:28 snort[17189]: Bare Byte: YES alert: YES
        Aug 21 15:34:28 snort[17189]: Bare Byte: YES alert: YES
        Aug 21 15:34:28 snort[17189]: %U Encoding: YES alert: YES
        Aug 21 15:34:28 snort[17189]: %U Encoding: YES alert: YES
        Aug 21 15:34:28 snort[17189]: Double Decoding: YES alert: YES
        Aug 21 15:34:28 snort[17189]: Double Decoding: YES alert: YES
        Aug 21 15:34:28 snort[17189]: Ascii: YES alert: NO
        Aug 21 15:34:28 snort[17189]: Ascii: YES alert: NO
        Aug 21 15:34:28 snort[17189]: Extended ASCII code support in URI: NO
        Aug 21 15:34:28 snort[17189]: Extended ASCII code support in URI: NO
        Aug 21 15:34:28 snort[17189]: Normalize HTTP Cookies: NO
        Aug 21 15:34:28 snort[17189]: Normalize HTTP Cookies: NO
        Aug 21 15:34:28 snort[17189]: Inspect HTTP Responses: NO
        Aug 21 15:34:28 snort[17189]: Inspect HTTP Responses: NO
        Aug 21 15:34:28 snort[17189]: Inspect HTTP Cookies: NO
        Aug 21 15:34:28 snort[17189]: Inspect HTTP Cookies: NO
        Aug 21 15:34:28 snort[17189]: Normalize HTTP Headers: NO
        Aug 21 15:34:28 snort[17189]: Normalize HTTP Headers: NO
        Aug 21 15:34:28 snort[17189]: Only inspect URI: NO
        Aug 21 15:34:28 snort[17189]: Only inspect URI: NO
        Aug 21 15:34:28 snort[17189]: Oversize Dir Length: 0
        Aug 21 15:34:28 snort[17189]: Oversize Dir Length: 0
        Aug 21 15:34:28 snort[17189]: Disable Alerting: NO
        Aug 21 15:34:28 snort[17189]: Disable Alerting: NO
        Aug 21 15:34:28 snort[17189]: Allow Proxy Usage: NO
        Aug 21 15:34:28 snort[17189]: Allow Proxy Usage: NO
        Aug 21 15:34:28 snort[17189]: URI Discovery Strict Mode: NO
        Aug 21 15:34:28 snort[17189]: URI Discovery Strict Mode: NO
        Aug 21 15:34:28 snort[17189]: Inspect Pipeline Requests: YES
        Aug 21 15:34:28 snort[17189]: Inspect Pipeline Requests: YES
        Aug 21 15:34:28 snort[17189]: Max Number Header Fields: 0
        Aug 21 15:34:28 snort[17189]: Max Number Header Fields: 0
        Aug 21 15:34:28 snort[17189]: Max Header Field Length: 0
        Aug 21 15:34:28 snort[17189]: Max Header Field Length: 0
        Aug 21 15:34:28 snort[17189]: Max Chunk Length: 500000
        Aug 21 15:34:28 snort[17189]: Max Chunk Length: 500000
        Aug 21 15:34:28 snort[17189]: Client Flow Depth: 300
        Aug 21 15:34:28 snort[17189]: Client Flow Depth: 300
        Aug 21 15:34:28 snort[17189]: Server Flow Depth: 0
        Aug 21 15:34:28 snort[17189]: Server Flow Depth: 0
        Aug 21 15:34:28 snort[17189]: Ports: 80 8080
        Aug 21 15:34:28 snort[17189]: Ports: 80 8080
        Aug 21 15:34:28 snort[17189]: Server profile: All
        Aug 21 15:34:28 snort[17189]: Server profile: All
        Aug 21 15:34:28 snort[17189]: DEFAULT SERVER CONFIG:
        Aug 21 15:34:28 snort[17189]: DEFAULT SERVER CONFIG:
        Aug 21 15:34:28 snort[17189]: IIS Unicode Map Codepage: 1252
        Aug 21 15:34:28 snort[17189]: IIS Unicode Map Codepage: 1252
        Aug 21 15:34:28 snort[17189]: IIS Unicode Map Filename: /usr/local/etc/snort/snort_9713_bge1/unicode.map
        Aug 21 15:34:28 snort[17189]: IIS Unicode Map Filename: /usr/local/etc/snort/snort_9713_bge1/unicode.map
        Aug 21 15:34:28 snort[17189]: Detect Proxy Usage: NO
        Aug 21 15:34:28 snort[17189]: Detect Proxy Usage: NO
        Aug 21 15:34:28 snort[17189]: Inspection Type: STATELESS
        Aug 21 15:34:28 snort[17189]: Inspection Type: STATELESS
        Aug 21 15:34:28 snort[17189]: Max Pipeline Requests: 0
        Aug 21 15:34:28 snort[17189]: Max Pipeline Requests: 0
        Aug 21 15:34:28 snort[17189]: GLOBAL CONFIG
        Aug 21 15:34:28 snort[17189]: GLOBAL CONFIG
        Aug 21 15:34:28 snort[17189]: HttpInspect Config:
        Aug 21 15:34:28 snort[17189]: HttpInspect Config:
        Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
        Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
        Aug 21 15:34:28 snort[17189]: Stream5 ICMP Policy config:
        Aug 21 15:34:28 snort[17189]: Stream5 ICMP Policy config:
        Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
        Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
        Aug 21 15:34:28 snort[17189]: Stream5 UDP Policy config:
        Aug 21 15:34:28 snort[17189]: Stream5 UDP Policy config:
        Aug 21 15:34:28 snort[17189]: 19 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 19 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 18 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 18 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 17 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 17 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 16 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 16 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 15 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 15 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 14 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 14 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 13 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 13 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 12 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 12 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 11 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 11 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 10 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 10 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 9 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 9 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 8 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 8 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 7 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 7 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 6 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 6 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 5 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 5 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 4 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 4 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 3 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 3 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 2 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 2 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 1 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 1 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 0 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: 0 client (Footprint) server (Footprint)
        Aug 21 15:34:28 snort[17189]: Reassembly Ports:
        Aug 21 15:34:28 snort[17189]: Reassembly Ports:
        Aug 21 15:34:28 snort[17189]: Static Flushpoint Sizes: YES
        Aug 21 15:34:28 snort[17189]: Static Flushpoint Sizes: YES
        Aug 21 15:34:28 snort[17189]: Options:
        Aug 21 15:34:28 snort[17189]: Options:
        Aug 21 15:34:28 snort[17189]: Maximum number of segs to queue per session: 2621
        Aug 21 15:34:28 snort[17189]: Maximum number of segs to queue per session: 2621
        Aug 21 15:34:28 snort[17189]: Maximum number of bytes to queue per session: 1048576
        Aug 21 15:34:28 snort[17189]: Maximum number of bytes to queue per session: 1048576
        Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
        Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
        Aug 21 15:34:28 snort[17189]: Reassembly Policy: BSD
        Aug 21 15:34:28 snort[17189]: Reassembly Policy: BSD
        Aug 21 15:34:28 snort[17189]: Stream5 TCP Policy config:
        Aug 21 15:34:28 snort[17189]: Stream5 TCP Policy config:
        Aug 21 15:34:28 snort[17189]: Log info if session memory consumption exceeds 1048576
        Aug 21 15:34:28 snort[17189]: Log info if session memory consumption exceeds 1048576
        Aug 21 15:34:28 snort[17189]: Max ICMP sessions: 65536
        Aug 21 15:34:28 snort[17189]: Max ICMP sessions: 65536
        Aug 21 15:34:28 snort[17189]: Track ICMP sessions: ACTIVE
        Aug 21 15:34:28 snort[17189]: Track ICMP sessions: ACTIVE
        Aug 21 15:34:28 snort[17189]: Max UDP sessions: 131072
        Aug 21 15:34:28 snort[17189]: Max UDP sessions: 131072
        Aug 21 15:34:28 snort[17189]: Track UDP sessions: ACTIVE
        Aug 21 15:34:28 snort[17189]: Track UDP sessions: ACTIVE
        Aug 21 15:34:28 snort[17189]: Memcap (for reassembly packet storage): 8388608
        Aug 21 15:34:28 snort[17189]: Memcap (for reassembly packet storage): 8388608
        Aug 21 15:34:28 snort[17189]: Max TCP sessions: 8192
        Aug 21 15:34:28 snort[17189]: Max TCP sessions: 8192
        Aug 21 15:34:28 snort[17189]: Track TCP sessions: ACTIVE
        Aug 21 15:34:28 snort[17189]: Track TCP sessions: ACTIVE
        Aug 21 15:34:28 snort[17189]: Stream5 global config:
        Aug 21 15:34:28 snort[17189]: Stream5 global config:
        Aug 21 15:34:28 snort[17189]: Min fragment Length: 0
        Aug 21 15:34:28 snort[17189]: Min fragment Length: 0
        Aug 21 15:34:28 snort[17189]: Overlap Limit: 0
        Aug 21 15:34:28 snort[17189]: Overlap Limit: 0
        Aug 21 15:34:28 snort[17189]: Fragment Problems: 1
        Aug 21 15:34:28 snort[17189]: Fragment Problems: 1
        Aug 21 15:34:28 snort[17189]: Fragment min_ttl: 1
        Aug 21 15:34:28 snort[17189]: Fragment min_ttl: 1
        Aug 21 15:34:28 snort[17189]: Fragment timeout: 60 seconds
        Aug 21 15:34:28 snort[17189]: Fragment timeout: 60 seconds
        Aug 21 15:34:28 snort[17189]: Target-based policy: BSD
        Aug 21 15:34:28 snort[17189]: Target-based policy: BSD
        Aug 21 15:34:28 snort[17189]: Frag3 engine config:
        Aug 21 15:34:28 snort[17189]: Frag3 engine config:
        Aug 21 15:34:28 snort[17189]: Fragment memory cap: 4194304 bytes
        Aug 21 15:34:28 snort[17189]: Fragment memory cap: 4194304 bytes
        Aug 21 15:34:28 snort[17189]: Max frags: 8192
        Aug 21 15:34:28 snort[17189]: Max frags: 8192
        Aug 21 15:34:28 snort[17189]: Frag3 global config:
        Aug 21 15:34:28 snort[17189]: Frag3 global config:
        Aug 21 15:34:28 snort[17189]: Log directory = /var/log/snort
        Aug 21 15:34:28 snort[17189]: Log directory = /var/log/snort
        Aug 21 15:34:28 snort[17189]: Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor
        Aug 21 15:34:28 snort[17189]: Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so…
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so…
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so…
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so…
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so…
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so…
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so…
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so…
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so…
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so…
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so…
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so…
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so…
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so…
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so…
        Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so…
        Aug 21 15:34:28 snort[17189]: Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor…
        Aug 21 15:34:28 snort[17189]: Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor…
        Aug 21 15:34:28 snort[17189]: Finished Loading all dynamic detection libs from /usr/local/lib/snort/dynamicrules
        Aug 21 15:34:28 snort[17189]: Finished Loading all dynamic detection libs from /usr/local/lib/snort/dynamicrules
        Aug 21 15:34:28 snort[17189]: Warning: No dynamic libraries found in directory /usr/local/lib/snort/dynamicrules!
        Aug 21 15:34:28 snort[17189]: Warning: No dynamic libraries found in directory /usr/local/lib/snort/dynamicrules!
        Aug 21 15:34:28 snort[17189]: Loading all dynamic detection libs from /usr/local/lib/snort/dynamicrules…
        Aug 21 15:34:28 snort[17189]: Loading all dynamic detection libs from /usr/local/lib/snort/dynamicrules…
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: done
        Aug 21 15:34:28 snort[17189]: Loading dynamic engine /usr/local/lib/snort/dynamicengine/libsf_engine.so…
        Aug 21 15:34:28 snort[17189]: Loading dynamic engine /usr/local/lib/snort/dynamicengine/libsf_engine.so…
        Aug 21 15:34:28 snort[17189]: Tagged Packet Limit: 256
        Aug 21 15:34:28 snort[17189]: Tagged Packet Limit: 256
        Aug 21 15:34:28 snort[17189]: Found pid path directive (/var/log/snort/run)
        Aug 21 15:34:28 snort[17189]: Found pid path directive (/var/log/snort/run)
        Aug 21 15:34:28 snort[17189]: Search-Method = AC-Banded
        Aug 21 15:34:28 snort[17189]: Search-Method = AC-Banded
        Aug 21 15:34:28 snort[17189]: Detection:
        Aug 21 15:34:28 snort[17189]: Detection:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 6503:6504 ]
        Aug 21 15:34:28 snort[17189]: [ 6503:6504 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_BRIGHTSTORE' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_BRIGHTSTORE' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 2103 2105 2107 ]
        Aug 21 15:34:28 snort[17189]: [ 2103 2105 2107 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_TCP' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_TCP' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 135 593 1024:65535 ]
        Aug 21 15:34:28 snort[17189]: [ 135 593 1024:65535 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_UDP_SHORT' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_UDP_SHORT' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 135 1024:65535 ]
        Aug 21 15:34:28 snort[17189]: [ 135 1024:65535 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_UDP_LONG' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_UDP_LONG' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 135 139 445 593 1024:65535 ]
        Aug 21 15:34:28 snort[17189]: [ 135 139 445 593 1024:65535 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_IP_LONG' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_IP_LONG' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 138 1024:65535 ]
        Aug 21 15:34:28 snort[17189]: [ 138 1024:65535 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCADG_IP_UDP' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCADG_IP_UDP' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 139 445 ]
        Aug 21 15:34:28 snort[17189]: [ 139 445 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_IP_TCP' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_IP_TCP' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 5060:5090 16384:32768 ]
        Aug 21 15:34:28 snort[17189]: [ 5060:5090 16384:32768 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'SIP_PROXY_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'SIP_PROXY_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 443 465 563 636 989:990 992:995 ]
        Aug 21 15:34:28 snort[17189]: [ 443 465 563 636 989:990 992:995 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'SSL_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'SSL_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 25 143 465 691 ]
        Aug 21 15:34:28 snort[17189]: [ 25 143 465 691 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'MAIL_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'MAIL_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 23 ]
        Aug 21 15:34:28 snort[17189]: [ 23 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'TELNET_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'TELNET_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 44 ]
        Aug 21 15:34:28 snort[17189]: [ 44 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'SSH_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'SSH_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 161 ]
        Aug 21 15:34:28 snort[17189]: [ 161 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'SNMP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'SNMP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 25 ]
        Aug 21 15:34:28 snort[17189]: [ 25 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'SMTP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'SMTP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 139 445 ]
        Aug 21 15:34:28 snort[17189]: [ 139 445 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'SMB_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'SMB_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 514 ]
        Aug 21 15:34:28 snort[17189]: [ 514 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'RSH_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'RSH_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 513 ]
        Aug 21 15:34:28 snort[17189]: [ 513 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'RLOGIN_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'RLOGIN_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 111 32770:32779 ]
        Aug 21 15:34:28 snort[17189]: [ 111 32770:32779 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'SUNRPC_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'SUNRPC_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 110 ]
        Aug 21 15:34:28 snort[17189]: [ 110 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'POP3_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'POP3_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 109 ]
        Aug 21 15:34:28 snort[17189]: [ 109 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'POP2_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'POP2_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 119 ]
        Aug 21 15:34:28 snort[17189]: [ 119 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'NNTP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'NNTP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 1433 ]
        Aug 21 15:34:28 snort[17189]: [ 1433 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'MSSQL_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'MSSQL_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 6665:6669 7000 ]
        Aug 21 15:34:28 snort[17189]: [ 6665:6669 7000 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'IRC_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'IRC_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 143 ]
        Aug 21 15:34:28 snort[17189]: [ 143 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'IMAP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'IMAP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 21 ]
        Aug 21 15:34:28 snort[17189]: [ 21 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'FTP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'FTP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 79 ]
        Aug 21 15:34:28 snort[17189]: [ 79 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'FINGER_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'FINGER_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 53 ]
        Aug 21 15:34:28 snort[17189]: [ 53 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'DNS_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'DNS_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 113 ]
        Aug 21 15:34:28 snort[17189]: [ 113 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'AUTH_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'AUTH_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 1521 ]
        Aug 21 15:34:28 snort[17189]: [ 1521 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'ORACLE_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'ORACLE_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 0:79 81:65535 ]
        Aug 21 15:34:28 snort[17189]: [ 0:79 81:65535 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'SHELLCODE_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'SHELLCODE_PORTS' defined :
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: [ 80 ]
        Aug 21 15:34:28 snort[17189]: [ 80 ]
        Aug 21 15:34:28 snort[17189]: PortVar 'HTTP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: PortVar 'HTTP_PORTS' defined :
        Aug 21 15:34:28 snort[17189]: Parsing Rules file "/usr/local/etc/snort/snort_9713_bge1/snort.conf"
        Aug 21 15:34:28 snort[17189]: Parsing Rules file "/usr/local/etc/snort/snort_9713_bge1/snort.conf"
        Aug 21 15:34:28 snort[17189]: Initializing Plug-ins!
        Aug 21 15:34:28 snort[17189]: Initializing Plug-ins!
        Aug 21 15:34:28 snort[17189]: Initializing Preprocessors!
        Aug 21 15:34:28 snort[17189]: Initializing Preprocessors!
        Aug 21 15:34:28 snort[17189]: Initializing Output Plugins!
        Aug 21 15:34:28 snort[17189]: Initializing Output Plugins!
        Aug 21 15:34:28 snort[17189]: --== Initializing Snort ==--
        Aug 21 15:34:28 snort[17189]: --== Initializing Snort ==--
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]:
        Aug 21 15:34:28 snort[17189]: Running in IDS mode
        Aug 21 15:34:28 snort[17189]: Running in IDS mode
        Aug 21 15:34:28 snort[17189]: Found pid path directive (/var/log/snort/run)
        Aug 21 15:34:28 snort[17189]: Found pid path directive (/var/log/snort/run)
        Aug 21 15:34:28 SnortStartup[13517]: Snort Startup files Sync…

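A triage sketch for a startup log like the one pasted above, added here as an example and not part of the original post or of the Snort package: it collapses the doubled syslog lines, restores chronological order, and extracts each PID-file lock failure together with the step that process logged just before it. The function names are hypothetical, the sample is a few lines copied from the log in this thread, and the script assumes the paste is newest first, as the order of the "PID path" and "FATAL ERROR" lines suggests.

```python
import re

# Constructed sample: lines copied from the startup log quoted in this thread,
# in pasted order (assumed newest first, every line logged twice).
SAMPLE_LOG = '''\
Aug 21 15:34:28 snort[17358]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge19713.pid" for PID "17358"
Aug 21 15:34:28 snort[17358]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge19713.pid" for PID "17358"
Aug 21 15:34:28 snort[17358]: PID path stat checked out ok, PID path set to /var/log/snort/run
Aug 21 15:34:28 snort[17358]: PID path stat checked out ok, PID path set to /var/log/snort/run
Aug 21 15:34:28 snort[17189]: Daemon parent exiting
Aug 21 15:34:28 snort[17189]: PortVar 'HTTP_PORTS' defined :
Aug 21 15:34:28 snort[17189]: PortVar 'HTTP_PORTS' defined :
Aug 21 15:34:28 snort[17189]: Running in IDS mode
Aug 21 15:34:28 snort[17189]: Running in IDS mode
'''

LINE = re.compile(r'^\s*(\w{3}\s+\d+\s+[\d:]{8})\s+([\w.-]+)\[(\d+)\]:\s?(.*)$')
LOCK = re.compile(r'Failed to Lock PID File "([^"]+)" for PID "(\d+)"')

def parse(text):
    """Return (time, process, pid, message) tuples, oldest first."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # forum chrome, blank lines
        ev = (m.group(1), m.group(2), int(m.group(3)), m.group(4).strip())
        if events and events[-1] == ev:   # collapse the doubled syslog line
            continue
        events.append(ev)
    events.reverse()                      # the paste is assumed newest first
    return events

def lock_failures(events):
    """One finding per lock failure: PID file, failing PID, the step that PID
    logged just before, and other snort PIDs seen in the same log."""
    findings, last_msg = [], {}
    for ts, proc, pid, msg in events:
        m = LOCK.search(msg)
        if m:
            others = sorted({p for _, pr, p, _ in events
                             if pr == 'snort' and p != pid})
            findings.append({'time': ts, 'pidfile': m.group(1),
                             'pid': int(m.group(2)),
                             'previous_step': last_msg.get(pid),
                             'other_snort_pids': others})
        elif msg:
            last_msg[pid] = msg
    return findings

if __name__ == '__main__':
    for f in lock_failures(parse(SAMPLE_LOG)):
        print(f)
```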
          mentalhemroids

          Okay, so basically when you get this error or you have nothing populating your Alerts or Blocks it mainly means one of two things - you are loading too many rules at one time or you need to Stop the service, make sure you've saved your If Settings, and finally Start the service again.  Doing this all from If Settings tab seems to be the easiest.  Anyone agree or disagree with these findings?

            AhnHEL

            Looked this up myself the other day and found this.

            http://forum.pfsense.org/index.php/topic,28161.msg146864.html#msg146864

            AhnHEL (Angel)

              mentalhemroids

              Thanks for that link Onhel; I saw that, but I ended up getting past that error by stopping the service and starting it again.  As long as the rules and proper Preprocessors were set the error went away.  One thing I did notice is that when I make any rule changes I need to stop and start the service to make those changes active.  Do you think running that would be a permanent fix or just something to run when that PID error comes up?

                Cino

                Anytime you make any changes to Snort, you have to restart it. If you don't, new settings won't take effect.

                  mentalhemroids

                  Good to know; Thank you Cino!
