Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort 2.9.4.1 pkg v. 2.5.6 Issue(s)

    Scheduled Pinned Locked Moved pfSense Packages
    62 Posts 11 Posters 20.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Supermule Banned
      last edited by

      can you test without a restore??

      Mine is pointing to https://xxxxx/index.php

      1 Reply Last reply Reply Quote 0
      • RonpfSR
        RonpfS
        last edited by

        @Supermule:

        can you test without a restore??

        Mine is pointing to https://xxxxx/index.php

        I could, that means doing and fresh install from scratch on another disk
        doing a manual config, installing snort etc ….
        I might  :-\

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 0
        • S
          Supermule Banned
          last edited by

          Could be the restore causing issues. Wh yI dont know, but mine hasnt been restored but build from scratch…

          1 Reply Last reply Reply Quote 0
          • RonpfSR
            RonpfS
            last edited by

            I guess building from scratch would gimme the same results as you.
            I only have one system so if I find a few hours to spare I might do that.

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

            1 Reply Last reply Reply Quote 0
            • RonpfSR
              RonpfS
              last edited by

              I've reported it a year ago, dont remember where …
              Here is another related one http://forum.pfsense.org/index.php/topic,61033.0.html
              and http://forum.pfsense.org/index.php/topic,36309.0.html ... i guess a search should highlight the prob  ;)

              2.4.5-RELEASE-p1 (amd64)
              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

              1 Reply Last reply Reply Quote 0
              • S
                Supermule Banned
                last edited by

                Cannot restart it from Services widget as stated.

                Apr 26 09:51:11 snort[38724]: Could not remove pid file /var/run/snort_em036256.pid: No such file or directory
                Apr 26 09:51:11 snort[38724]: Could not remove pid file /var/run/snort_em036256.pid: No such file or directory
                Apr 26 09:51:11 kernel: em0: promiscuous mode disabled
                Apr 26 09:51:11 snort[38724]: *** Caught Term-Signal
                Apr 26 09:51:11 snort[38724]: *** Caught Term-Signal
                Apr 26 09:51:10 SnortStartup[17481]: Snort STOP for Internet(36256_em0)…
                Apr 26 09:51:07 snort[40003]: *** Caught Term-Signal
                Apr 26 09:51:07 snort[40003]: *** Caught Term-Signal
                Apr 26 09:51:06 SnortStartup[62588]: Snort STOP for Internet(36256_em0)…
                Apr 26 09:51:02 php: /snort/snort_preprocessors.php: [Snort] Building new sig-msg.map file for WAN…
                Apr 26 09:50:58 php: /snort/snort_preprocessors.php: [Snort] Enabling any flowbit-required rules for: WAN…
                Apr 26 09:50:54 php: /snort/snort_preprocessors.php: [Snort] Updating rules configuration for: WAN …

                Has to go into services -> Snort to do it.

                Apr 26 09:54:22 php: /snort/snort_interfaces.php: Snort START for Internet(em0)...
                Apr 26 09:52:57 kernel: em0: promiscuous mode enabled
                Apr 26 09:52:57 SnortStartup[61780]: Snort START for Internet(36256_em0)…
                Apr 26 09:52:41 php: /snort/snort_interfaces.php: [Snort] Building new sig-msg.map file for WAN…
                Apr 26 09:52:39 php: /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: WAN…
                Apr 26 09:52:37 php: /snort/snort_interfaces.php: [Snort] Updating rules configuration for: WAN …
                Apr 26 09:52:37 php: /snort/snort_interfaces.php: Toggle (snort starting) for WAN(em0)...

                1 Reply Last reply Reply Quote 0
                • K
                  kilthro
                  last edited by

                  @bmeeks:

                  FYI.  Just submitted the Pull Request on Github for Ermal and the pfSense team to review and approve.  This request updates the Snort package to 2.5.7 and contains a number of bug fixes for the issues reported in this thread along with several enhancements and new features.  This is a GUI update only.  The underlying Snort binary itself remains at 2.9.4.1.

                  Here is a link to the Pull Request:  https://github.com/pfsense/pfsense-packages/pull/433

                  Once approved by the pfSense team and merged into the master repository, the update will appear on your Installed Packages tab as 2.5.7.  When it is merged, I will open a new thread containing the Change Log.

                  Bill

                  Excellent work Bill Thanks!

                  1 Reply Last reply Reply Quote 0
                  • bmeeksB
                    bmeeks
                    last edited by

                    @Supermule:

                    Cannot restart it from Services widget as stated.

                    Apr 26 09:51:11 snort[38724]: Could not remove pid file /var/run/snort_em036256.pid: No such file or directory
                    Apr 26 09:51:11 snort[38724]: Could not remove pid file /var/run/snort_em036256.pid: No such file or directory
                    Apr 26 09:51:11 kernel: em0: promiscuous mode disabled
                    Apr 26 09:51:11 snort[38724]: *** Caught Term-Signal
                    Apr 26 09:51:11 snort[38724]: *** Caught Term-Signal
                    Apr 26 09:51:10 SnortStartup[17481]: Snort STOP for Internet(36256_em0)…
                    Apr 26 09:51:07 snort[40003]: *** Caught Term-Signal
                    Apr 26 09:51:07 snort[40003]: *** Caught Term-Signal
                    Apr 26 09:51:06 SnortStartup[62588]: Snort STOP for Internet(36256_em0)…
                    Apr 26 09:51:02 php: /snort/snort_preprocessors.php: [Snort] Building new sig-msg.map file for WAN…
                    Apr 26 09:50:58 php: /snort/snort_preprocessors.php: [Snort] Enabling any flowbit-required rules for: WAN…
                    Apr 26 09:50:54 php: /snort/snort_preprocessors.php: [Snort] Updating rules configuration for: WAN …

                    Has to go into services -> Snort to do it.

                    Apr 26 09:54:22 php: /snort/snort_interfaces.php: Snort START for Internet(em0)...
                    Apr 26 09:52:57 kernel: em0: promiscuous mode enabled
                    Apr 26 09:52:57 SnortStartup[61780]: Snort START for Internet(36256_em0)…
                    Apr 26 09:52:41 php: /snort/snort_interfaces.php: [Snort] Building new sig-msg.map file for WAN…
                    Apr 26 09:52:39 php: /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: WAN…
                    Apr 26 09:52:37 php: /snort/snort_interfaces.php: [Snort] Updating rules configuration for: WAN …
                    Apr 26 09:52:37 php: /snort/snort_interfaces.php: Toggle (snort starting) for WAN(em0)...

                    I will check on this. I'm pretty sure that during my testing runs yesterday with 2.5.7 I started Snort from the Service widget, but I will try again.

                    Is this problem happening on 2.0.3 or 2.1-BETA?

                    Bill

                    1 Reply Last reply Reply Quote 0
                    • bmeeksB
                      bmeeks
                      last edited by

                      @RonpfS:

                      One little issue still present for ages is that when you are in the Snort pages,
                      if you click on the pfsense top left logo you end up with 404 - Not Found
                      because  the link points to https://xxxxx/snort/index.php instead of https://xxxxx/index.php on any other pages.

                      I can't replicate that behavior on my test VMs.  It could very well be something held over during upgrades.  I'll see if I can research history a bit and identify a possible fix for you.  As several others have posted that they do not have the issue, I do think it is something hanging around in your specific configuration someplace.

                      Bill

                      1 Reply Last reply Reply Quote 0
                      • K
                        kilthro
                        last edited by

                        I haven't experienced this either..

                        Bill update went fine and everything restarted and is running like it should. :-D Moving over to the new thread now to follow.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.