Snort fatal error after upgrade - Stream5
-
I upgraded to 2.8.6.1 pkg v. 2.0 (in the package manager) or Snort 2.9.0.5 pkg v. 2.0 (in the snort settings) today, and am unable to start the interface. I am getting the following error:
FATAL ERROR: /usr/local/etc/snort/snort_3172_re2/snort.conf(156) => Invalid Stream5 TCP policy option
The Stream5 settings are empty/default.
-
Wait 10 minutes and upgrade again.
Just caught a bad moment :S
-
Ok thanks.
pfSense
Current version: 2.0-RC2
Built On: Mon May 30 01:15:07 EDT 2011
-
Now getting
snort[60921]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_3172_re2//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.
path looks invalid - is it best just to revert back to the old version for now?
-
antilog,
uninstall and then install snort… also what platform are you running btw?
and make sure you update your rules.
-
I am also getting this after reinstall just a little while ago; running 2.0-RC3 (i386)
built on Mon Sep 5 04:07:51 EDT 2011
Sep 5 23:01:28 SnortStartup[42513]: Interface Rule START for 0_9940_xl0…
Sep 5 23:01:28 snort[42475]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_9940_xl0//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.
It was running fine until I did the reinstall. Not sure if this is a new problem or something going on with the rule updates - have two systems showing same issue but different message. Let me know if you need more info.
-
Noticed the other message was different before I deselected the rules for web-misc.rules:
Sep 5 22:54:52 SnortStartup[9331]: Snort HARD Reload For 29323_bge1…
Sep 5 22:54:52 snort[2966]: FATAL ERROR: /usr/local/etc/snort/snort_29323_bge1/snort.conf(377) Invalid configuration line: ULE_PATH/snort_web-misc.rules
After deselect I get this:
Sep 5 23:07:33 SnortStartup[39776]: Interface Rule START for 0_29323_bge1…
Sep 5 23:07:33 snort[39436]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_29323_bge1//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.
Thanks for the help and the great work on the package. I love it when it works ;) …
-
I put some checks to prevent this.
Though my first guess would be you have to do a full package reinstall.
-
Thanks ermal; I tried just a reinstall and same thing - I'll try uninstall and reinstall.
Sep 6 07:02:13 SnortStartup[18678]: Snort HARD Reload For 9940_xl0…
Sep 6 07:02:13 snort[18463]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_9940_xl0//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.
Sep 6 06:58:22 php: /pkg_mgr_install.php: Beginning package installation for snort.
-
Uninstall and reinstall took care of it - it's running again. Thanks for your help ermal !!
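
Added example, not part of the thread or of the pfSense Snort package: a small Python triage of the startup log lines quoted above. It drops the repeated syslog entries and separates config-line errors from rules-file paths that carry a second absolute path after `//`. The finding names (`bad_config_line`, `doubled_rules_path`, `missing_rules_file`) are labels chosen for this example.

```python
import re

FATAL = re.compile(r'FATAL ERROR: (?P<msg>.*)$')
# "<conf>(<line>) [=>] <detail>", e.g. snort.conf(156) => Invalid Stream5 ...
CONF_LINE = re.compile(r'^(?P<conf>/\S+?)\((?P<line>\d+)\)\s*(?:=>\s*)?(?P<detail>.*)$')
RULES_FILE = re.compile(r'^Unable to open rules file "(?P<path>[^"]+)"')

# Sample input: log lines copied from the posts in this thread (duplicates
# included), plus one non-fatal startup line.
SAMPLE_LOG = """\
FATAL ERROR: /usr/local/etc/snort/snort_3172_re2/snort.conf(156) => Invalid Stream5 TCP policy option
Sep 5 22:54:52 snort[2966]: FATAL ERROR: /usr/local/etc/snort/snort_29323_bge1/snort.conf(377) Invalid configuration line: ULE_PATH/snort_web-misc.rules
Sep 5 22:54:52 snort[2966]: FATAL ERROR: /usr/local/etc/snort/snort_29323_bge1/snort.conf(377) Invalid configuration line: ULE_PATH/snort_web-misc.rules
Sep 5 23:07:33 snort[39436]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_29323_bge1//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.
Sep 5 23:07:33 snort[39436]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_29323_bge1//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.
Sep 6 07:02:13 snort[18463]: Running in IDS mode
"""

def classify(msg):
    """Turn one FATAL ERROR message into a (kind, details) finding."""
    m = RULES_FILE.match(msg)
    if m:
        path = m.group("path")
        cut = path.find("//", 1)
        if cut > 0:
            # A second absolute path follows the interface directory.
            return ("doubled_rules_path",
                    {"base": path[:cut], "embedded": path[cut + 1:]})
        return ("missing_rules_file", {"path": path})
    m = CONF_LINE.match(msg)
    if m:
        return ("bad_config_line", {"conf": m.group("conf"),
                                    "line": int(m.group("line")),
                                    "detail": m.group("detail")})
    return ("other", {"detail": msg})

def triage(log_text):
    """Return unique fatal findings in the order they first appear."""
    findings, seen = [], set()
    for raw in log_text.splitlines():
        m = FATAL.search(raw)
        if not m:
            continue
        kind, details = classify(m.group("msg").strip())
        key = (kind, tuple(sorted(details.items())))
        if key not in seen:  # the quoted logs repeat every entry
            seen.add(key)
            findings.append((kind, details))
    return findings
```
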