Snort 2.9.1 pkg v. 2.1.1 Error.
-
Online again! Thanks!
-
Yes this should be OK now, I managed to get a new set of binaries built and uploaded. For one reason or another the nightly automated build process (even when run by hand) was not completely building the snort package and related binaries.
-
But now I have another problem…
snort[25261]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.
Snort installs perfectly, but does not work…
-
Same here:
snort[56806]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.
-
Might be related:
http://forum.pfsense.org/index.php/topic,45656.msg238815.html#msg238815
Try updating your snort rules.
-
I'm doing some testing, but since Snort was updated to 2.9.2.3, the ruleset filename is different.
Thinking it should be like this now:
/usr/local/pkg/snort/snort_check_for_rule_updates.php
line 43 $snort_filename_md5 = "snortrules-snapshot-2923.tar.gz.md5";
line 44 $snort_filename = "snortrules-snapshot-2923.tar.gz";
-
I'm doing some testing, but since Snort was updated to 2.9.2.3, the ruleset filename is different.
Thinking it should be like this now:
/usr/local/pkg/snort/snort_check_for_rule_updates.php
line 43 $snort_filename_md5 = "snortrules-snapshot-2923.tar.gz.md5";
line 44 $snort_filename = "snortrules-snapshot-2923.tar.gz";
P.S. Looks like only registered users can download snortrules-snapshot-2922.tar.gz; 2923 isn't allowed yet.
-
Strange.. my rules are updated…
SNORT.ORG >>> "b7469cefc799ed158d2a483ed2cf689a"
EMERGINGTHREATS.NET >>> 014686a49ac68a7d90d9be60b5db93bc
PFSENSE.ORG >>> "e8a95fd5f1b40e878fedeffd585134bb"
-
Another thing… my Snort Service shows: Snort 2.9.1 v. pkg 2.1.1. I will try removing it and adding it again.
-
Strange.. my rules are updated…
SNORT.ORG >>> "b7469cefc799ed158d2a483ed2cf689a"
EMERGINGTHREATS.NET >>> 014686a49ac68a7d90d9be60b5db93bc
PFSENSE.ORG >>> "e8a95fd5f1b40e878fedeffd585134bb"
Yeah, the rules will update; but did Snort start?
Snort 2.9.1 v. pkg 2.1 is hardcoded into the code, I believe; it wasn't updated. Only the binaries were, from what I can tell.
P.S. Line 40 in /usr/usr/local/snort/snort.inc would need to be changed for the version number.
-
Cino,
I try to start Snort, but the error is:
snort[15802]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.
-
snort[56806]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.
Updated to the latest ruleset, same error.
-
Using only Emerging Threats rules…
-
Solved.
I removed and deleted all Snort entries on pfSense (find / -name snort).
After that, everything works perfectly.
Barnyard2 downloaded manually of course.
Thanks,
Brivaldo Jr
-
Solved. Snort Interfaces > e (edit interface) > Categories … here, first try to uncheck all of your rulesets and then try to start Snort. After that you can "check" and enable rulesets from the Category tab ... but attention! With some rulesets Snort will not start. So my advice is: "check" and enable a ruleset, restart Snort to see if it works (starts), and so on.
Sorry for my language.
Best Regards
Edited at 05:10:49 pm:
Weird... it worked only with Emerging rulesets; if I use Snort rulesets, Snort doesn't start. I will try again to search for where the problem is.
-
Hopefully there will be a fix soon, it blew out my snort completely, so now I have nothing
-
Just tried install on snort, it works now
-
Having the same #3 error "FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined." with all rules unchecked.
-
Having the same #3 error "FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined." with all rules unchecked.
I had the same error and had to delete the contents of /usr/local/lib/snort/dynamicrules. After that everything seemed fine and all my rules seem to work.
-
Thanks DigitalDeviant, that worked nicely.