Snort 2.9.1 pkg v. 2.0.2 won't start, no real info
-
May 16 08:44:51 ares snort[8755]: Log directory = /var/log/snort
May 16 08:44:51 ares kernel: pid 8755 (snort), uid 0: exited on signal 11
May 16 08:44:51 ares SnortStartup[8886]: Interface Rule START for 0_29308_vr1…
The exit 11 comes before and after the Interface Rule START seemingly randomly.
This worked perfectly prior to an upgrade.
I have no rules enabled.
Unable to find any logs any place on anything regarding this. "snort_29308_vr1.log.1337179491" I haven't a clue what it is:
file snort_29308_vr1.log.1337179491
snort_29308_vr1.log.1337179491: DOS executable (COM)
clog -f snort_29308_vr1.log.1337179491
strings snort_29308_vr1.log.1337179491|more
Produce literally nothing.
-
Have you considered uninstalling the current package and installing Snort 2.9.1 pkg v. 2.1.1? Also, be aware that the snort version available for pfsense is EOL and not receiving snort updates. Emerging Threats updates are still working.
-
I've been attempting to research this, but not having much luck. 2.9.1 is not EOL, as far as I can tell?
Also, how do ET updates compare to Snort updates? Better, worse?
-
I didn't even notice this, but the snort interface still shows 2.0.2 while the packages on the system indicate 2.1.1, so this error is with the latest available via the package manager in pfsense. I've updated the topic, as my post was a cut and paste from the interface. On a side note, I suppose this means that after an upgrade the snort interface in services still shows the prior version. Additionally, I have disabled everything, from the preprocessors and rules to actually destroying the snort interface and remaking it with a different name, etc.
-
It looks like the issue was the settings being saved during a deinstall option. I removed that and did a full wipe. Reinstalled and it appears to be working. Kind of a pain in the butt to have to manually enter all suppression, whitelist, etc. settings though.
-
Found a bug.
If pfsense changes IP (I'm using it in xDSL bridge mode), snort goes down.
The only solution (AFAIK) is logging in to the web GUI and manually restarting it.
Of course, it shouldn't be like this. Solution?