Snort does not start, period.
-
ermal,
As per your suggestion, I uninstalled and installed Snort, and with the following command I have verified that Snort is not running on my system. I even mentioned that a couple of times on the previous thread and that kept being lost in others' updates, so I decided to start a new thread.
ps -ax | grep snort
5645 0 S+ 0:00.02 grep snort
At this time, I am kinda stuck since I have tried everything I could think of, so I really hope you have some ideas.
Thanks,
Hiranmoy
-
show me the output of 'clog /var/log/system.log'
-
Here it is. I don't know if it matters but I have obfuscated my WAN IP and Gateway for obvious reasons:
Sep 5 17:08:44 pfsense kernel: Root mount waiting for: usbus6 usbus2
Sep 5 17:08:44 pfsense kernel: uhub6: 6 ports with 6 removable, self powered
Sep 5 17:08:44 pfsense kernel: Trying to mount root from ufs:/dev/ad4s1a
Sep 5 17:08:44 pfsense kernel: ugen0.2: <stmicroelectronics> at usbus0
Sep 5 17:08:44 pfsense kernel: pflog0: promiscuous mode enabled
Sep 5 17:08:46 pfsense apinger: Starting Alarm Pinger, apinger(33804)
Sep 5 17:08:47 pfsense php: : ROUTING: setting default route to 96.226..
Sep 5 17:08:48 pfsense dhcpd: Internet Systems Consortium DHCP Server 4.2.1-P1
Sep 5 17:08:48 pfsense dhcpd: Copyright 2004-2011 Internet Systems Consortium.
Sep 5 17:08:48 pfsense dhcpd: All rights reserved.
Sep 5 17:08:48 pfsense dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Sep 5 17:08:48 pfsense check_reload_status: Updating all dyndns
Sep 5 17:08:48 pfsense dnsmasq[50213]: started, version 2.55 cachesize 10000
Sep 5 17:08:48 pfsense dnsmasq[50213]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Sep 5 17:08:48 pfsense dnsmasq[50213]: reading /etc/resolv.conf
Sep 5 17:08:48 pfsense dnsmasq[50213]: using nameserver 8.8.4.4#53
Sep 5 17:08:48 pfsense dnsmasq[50213]: using nameserver 8.8.8.8#53
Sep 5 17:08:48 pfsense dnsmasq[50213]: using nameserver 208.67.220.220#53
Sep 5 17:08:48 pfsense dnsmasq[50213]: using nameserver 208.67.222.222#53
Sep 5 17:08:48 pfsense dnsmasq[50213]: ignoring nameserver 127.0.0.1 - local interface
Sep 5 17:08:48 pfsense dnsmasq[50213]: ignoring nameserver 127.0.0.1 - local interface
Sep 5 17:08:48 pfsense dnsmasq[50213]: read /etc/hosts - 4 addresses
Sep 5 17:08:53 pfsense php: : DynDns: updatedns() starting
Sep 5 17:08:53 pfsense php: : DynDns debug information: 96.226..** extracted from local system.
Sep 5 17:08:53 pfsense php: : DynDns: Current WAN IP: 96.226.. Cached IP: 96.226..
Sep 5 17:08:53 pfsense php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
Sep 5 17:08:56 pfsense apinger: ALARM: GW_WAN(96.226..) *** down ***
Sep 5 17:09:06 pfsense check_reload_status: Reloading filter
Sep 5 17:10:35 pfsense php: : OpenNTPD is starting up.
Sep 5 17:10:36 pfsense apinger: alarm canceled: GW_WAN(96.226..) *** down ***
Sep 5 17:10:37 pfsense check_reload_status: Restarting ipsec tunnels
Sep 5 17:10:40 pfsense php: : Creating rrd update script
Sep 5 17:10:40 pfsense php: : miniupnpd: Starting service on interface: lan
Sep 5 17:10:40 pfsense miniupnpd[17792]: HTTP listening on port 2189
Sep 5 17:10:40 pfsense miniupnpd[17792]: HTTP listening on port 2189
Sep 5 17:10:40 pfsense miniupnpd[17792]: Listening for NAT-PMP traffic on port 5351
Sep 5 17:10:40 pfsense miniupnpd[17792]: Listening for NAT-PMP traffic on port 5351
Sep 5 17:10:40 pfsense php: : Restarting/Starting all packages.
Sep 5 17:10:40 pfsense miniupnpd[17792]: SUBSCRIBE not implemented. ENABLE_EVENTS compile option disabled
Sep 5 17:10:40 pfsense miniupnpd[17792]: SUBSCRIBE not implemented. ENABLE_EVENTS compile option disabled
Sep 5 17:10:41 pfsense login: login on ttyv0 as root
Sep 5 17:10:42 pfsense sshlockout[38903]: sshlockout/webConfigurator v3.0 starting up
Sep 5 17:10:43 pfsense php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Sep 5 17:10:45 pfsense check_reload_status: Reloading filter
Sep 5 17:10:46 pfsense apinger: Error while feeding rrdtool: Broken pipe
Sep 5 17:10:46 pfsense check_reload_status: Reloading filter
Sep 5 17:10:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 17:10:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 17:11:00 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 17:11:00 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 17:11:46 pfsense apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
Sep 5 17:41:10 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 17:41:10 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 17:41:10 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 17:41:10 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 18:08:59 pfsense dhclient: RENEW
Sep 5 18:08:59 pfsense dhclient: Creating resolv.conf
Sep 5 18:38:45 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.200
Sep 5 18:38:45 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.200
Sep 5 18:38:58 pfsense check_reload_status: Syncing firewall
Sep 5 18:38:58 pfsense php: /pkg_mgr_install.php: Beginning package installation for Cron.
Sep 5 18:38:58 pfsense check_reload_status: Syncing firewall
Sep 5 18:39:00 pfsense check_reload_status: Reloading filter
Sep 5 18:39:28 pfsense check_reload_status: Syncing firewall
Sep 5 18:39:28 pfsense php: /pkg_mgr_install.php: Beginning package installation for snort.
Sep 5 18:39:29 pfsense check_reload_status: Syncing firewall
Sep 5 18:39:48 pfsense check_reload_status: Syncing firewall
Sep 5 18:39:48 pfsense check_reload_status: Reloading filter
Sep 5 18:39:49 pfsense check_reload_status: Syncing firewall
Sep 5 18:40:01 pfsense check_reload_status: Syncing firewall
Sep 5 18:40:06 pfsense check_reload_status: Syncing firewall
Sep 5 18:41:13 pfsense SnortStartup[56527]: Snort Startup files Sync…
Sep 5 18:41:13 pfsense SnortStartup[60167]: Snort HARD Reload For 21540_em0_vlan10…
Sep 5 18:41:28 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 18:41:28 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 18:41:28 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 18:41:28 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 18:42:58 pfsense check_reload_status: Syncing firewall
Sep 5 18:43:07 pfsense SnortStartup[12620]: Toggle for 21540_em0_vlan10…
Sep 5 18:43:07 pfsense SnortStartup[21737]: Interface Rule START for 0_21540_em0_vlan10…
Sep 5 18:45:04 pfsense sshd[43681]: Accepted keyboard-interactive/pam for admin from 192.168.1.200 port 3252 ssh2
Sep 5 18:48:45 pfsense check_reload_status: Syncing firewall
Sep 5 18:48:54 pfsense SnortStartup[14489]: Toggle for 21540_em0_vlan10…
Sep 5 18:48:54 pfsense SnortStartup[35026]: Interface Rule START for 0_21540_em0_vlan10…
Sep 5 18:49:40 pfsense check_reload_status: Syncing firewall
Sep 5 18:49:44 pfsense check_reload_status: Syncing firewall
Sep 5 18:54:01 pfsense check_reload_status: Syncing firewall
Sep 5 18:54:17 pfsense check_reload_status: Syncing firewall
Sep 5 18:54:23 pfsense check_reload_status: Syncing firewall
Sep 5 18:54:27 pfsense check_reload_status: Syncing firewall
Sep 5 18:55:02 pfsense check_reload_status: Syncing firewall
Sep 5 18:55:23 pfsense check_reload_status: Syncing firewall
Sep 5 18:55:35 pfsense check_reload_status: Syncing firewall
Sep 5 18:55:40 pfsense check_reload_status: Syncing firewall
Sep 5 18:55:45 pfsense SnortStartup[20559]: Interface Rule START for 0_21540_em0_vlan10…
Sep 5 18:58:05 pfsense SnortStartup[38412]: Snort Startup files Sync…
Sep 5 18:58:06 pfsense SnortStartup[40253]: Snort HARD Reload For 21540_em0_vlan10…
Sep 5 19:09:17 pfsense dhclient: RENEW
Sep 5 19:09:17 pfsense dhclient: Creating resolv.conf
Sep 5 19:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 19:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 19:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 19:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 20:09:23 pfsense dhclient: RENEW
Sep 5 20:09:23 pfsense dhclient: Creating resolv.conf
Sep 5 20:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 20:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 20:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 20:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 21:09:24 pfsense dhclient: RENEW
Sep 5 21:09:24 pfsense dhclient: Creating resolv.conf
Sep 5 21:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 21:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 21:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 21:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 22:01:29 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.201
Sep 5 22:01:29 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.201
Sep 5 22:01:39 pfsense check_reload_status: Syncing firewall
Sep 5 22:01:44 pfsense check_reload_status: Syncing firewall
Sep 5 22:01:54 pfsense check_reload_status: Syncing firewall
Sep 5 22:01:54 pfsense check_reload_status: Reloading filter
Sep 5 22:02:16 pfsense sshd[58072]: Accepted keyboard-interactive/pam for admin from 192.168.1.201 port 49723 ssh2
Sep 5 22:09:25 pfsense dhclient: RENEW
Sep 5 22:09:25 pfsense dhclient: Creating resolv.conf
Sep 5 22:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 22:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 22:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 22:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 23:09:25 pfsense dhclient: RENEW
Sep 5 23:09:25 pfsense dhclient: Creating resolv.conf
Sep 5 23:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 23:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 23:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 5 23:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 00:09:26 pfsense dhclient: RENEW
Sep 6 00:09:26 pfsense dhclient: Creating resolv.conf
Sep 6 00:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 00:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 00:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 00:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 01:01:01 pfsense php: : DynDns: updatedns() starting
Sep 6 01:01:01 pfsense php: : DynDns debug information: 96.226.. extracted from local system.
Sep 6 01:01:01 pfsense php: : DynDns: Current WAN IP: 96.226.. Cached IP: 96.226..
Sep 6 01:01:01 pfsense php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
Sep 6 01:09:27 pfsense dhclient: RENEW
Sep 6 01:09:27 pfsense dhclient: Creating resolv.conf
Sep 6 01:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 01:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 01:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 01:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 02:03:13 pfsense miniupnpd[17792]: Unsupported HTTP Command UNSUBSCRIBE
Sep 6 02:03:13 pfsense miniupnpd[17792]: Unsupported HTTP Command UNSUBSCRIBE
Sep 6 02:03:55 pfsense miniupnpd[17792]: SUBSCRIBE not implemented. ENABLE_EVENTS compile option disabled
Sep 6 02:03:55 pfsense miniupnpd[17792]: SUBSCRIBE not implemented. ENABLE_EVENTS compile option disabled
Sep 6 02:04:11 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 02:04:11 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 02:04:16 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 02:04:16 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 02:09:27 pfsense dhclient: RENEW
Sep 6 02:09:28 pfsense dhclient: Creating resolv.conf
Sep 6 03:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 03:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 03:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 03:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 03:09:28 pfsense dhclient: RENEW
Sep 6 03:09:28 pfsense dhclient: Creating resolv.conf
Sep 6 04:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 04:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 04:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 04:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 04:09:29 pfsense dhclient: RENEW
Sep 6 04:09:29 pfsense dhclient: Creating resolv.conf
Sep 6 05:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 05:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 05:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 05:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
Sep 6 05:09:30 pfsense dhclient: RENEW
Sep 6 05:09:30 pfsense dhclient: Creating resolv.conf
Sep 6 05:21:19 pfsense sshd[31951]: Accepted keyboard-interactive/pam for admin from 192.168.1.200 port 4692 ssh2
Sep 6 05:22:01 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.200
Sep 6 05:22:01 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.200
Sep 6 05:22:23 pfsense check_reload_status: Syncing firewall
Sep 6 05:22:23 pfsense php: /pkg_mgr_install.php: Beginning package installation for snort.
Sep 6 05:22:23 pfsense check_reload_status: Syncing firewall
Sep 6 05:22:43 pfsense check_reload_status: Syncing firewall
Sep 6 05:22:43 pfsense check_reload_status: Reloading filter
Sep 6 05:22:43 pfsense check_reload_status: Syncing firewall
Sep 6 05:23:02 pfsense check_reload_status: Syncing firewall
Sep 6 05:23:50 pfsense SnortStartup[19168]: Snort Startup files Sync…
Sep 6 05:23:50 pfsense SnortStartup[23245]: Snort HARD Reload For 21540_em0_vlan10…</stmicroelectronics> -
I am sorry but from this there is clearly something wrong in your install.
That is my only suggestion.
-
Ok, understand that. Now the question is how do I fix it since merely uninstalling/reinstalling doesn't seem to do the trick?
-
I am running 2.0-RC3 (amd64) and snort seems to be running fine after the last reinstall (uninstall then install) fixed the port scan blocking.