Snort will not start at all with the last few snapshot updates.
-
I've verified this on three different installs of pfsense using the newest snapshot. I installed pfsense fresh, configured it and installed snort. It will not start at all.
Upon bootup after installing new firmware while it is reinstalling the package, it states that it cannot find the snort.sh file "No such file or directory"
Then when you go to the pfsense GUI, and try to start snort… it does nothing.
System log: php: : The command '/usr/local/etc/rc.d/snort.sh stop' returned exit code '1', the output was ''
It truncates it there, but basically I suspect snort.sh isn't where it is supposed to be or missing. Is there an issue with the snort package install? or is it something that was changed in the snapshot that makes the install script not work properly?
-
More errors in the logs
Mar 24 04:09:37 php: : The dir for /usr/pbi/snort-amd64/etc/snort/snort_39021_vtnet1/threshold.conf does not exist. Cannot add symlink to /usr/local/etc/snort/snort_39021_vtnet1/threshold.conf.
Mar 24 04:09:37 php: : The dir for /usr/pbi/snort-amd64/etc/snort/snort_39021_vtnet1/snort.conf does not exist. Cannot add symlink to /usr/local/etc/snort/snort_39021_vtnet1/snort.conf.
Maybe this one is a clue:
Mar 24 04:09:49 snort[71686]: FATAL ERROR: The dynamic detection library "/usr/local/lib/snort/dynamicrules/web-misc.so" version 1.0 compiled with dynamic engine library version 1.15 isn't compatible with the current dynamic engine library "/usr/local/lib/snort/dynamicengine/libsf_engine.so" version 1.17.
Looks like we need a newer compiled version of snort in the packages menu?
-
http://forum.pfsense.org/index.php/topic,60343.0.html
-
haha redundant post.. sorry about that.
-
No worries mate :)