Snort doesn't start after upgrade PFS 2.2.3
-
Snort doesn't start after upgrade to PFS 2.2.3
I started searching here in the forum and somebody wrote to reinstall snort wich i did and now its stuck at "Please wait while Snort is started" it looks like Snort is still not starting after reinstalling Snort.I don't know wat to do right now.
This is a part of the system log.
Jun 25 19:39:56 sshd[23347]: Accepted keyboard-interactive/pam for root from 192.168.168.4 port 2170 ssh2
Jun 25 19:39:27 kernel: arp: 192.168.166.21 moved from 00:30:18:a2:fc:4c to 00:30:18:a2:fc:4b on em1_vlan66
Jun 25 19:38:44 kernel: arp: 192.168.166.22 moved from 00:30:18:a2:fc:4c to 00:30:18:a2:fc:4b on em1_vlan66
Jun 25 19:38:43 sshd[22792]: Accepted keyboard-interactive/pam for root from 192.168.168.4 port 2164 ssh2
Jun 25 19:30:28 kernel: arp: 192.168.166.10 moved from 00:30:18:a2:fc:4c to 00:30:18:a2:fc:4b on em1_vlan66
Jun 25 19:30:01 kernel: arp: 192.168.166.10 moved from 00:30:18:a2:fc:4b to 00:30:18:a2:fc:4c on em1_vlan66
Jun 25 19:29:48 kernel: arp: 192.168.166.2 moved from 00:30:18:a2:fc:4c to 00:30:18:a2:fc:4b on em1_vlan66
Jun 25 19:28:21 SnortStartup[52462]: Snort START for WAN(23488_em0)…
Jun 25 19:28:21 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Finished rebuilding installation from saved settings…
Jun 25 19:28:20 check_reload_status: Syncing firewall
Jun 25 19:28:19 check_reload_status: Syncing firewall
Jun 25 19:28:15 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Building new sig-msg.map file for WAN…
Jun 25 19:28:14 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Enabling any flowbit-required rules for: WAN…
Jun 25 19:28:07 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Updating rules configuration for: WAN …
Jun 25 19:28:07 check_reload_status: Syncing firewall
Jun 25 19:28:07 php-fpm[97819]: /pkg_mgr_install.php: [Snort] The Rules update has finished.
Jun 25 19:28:07 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Emerging Threats Open rules are up to date…
Jun 25 19:28:05 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Snort GPLv2 Community Rules are up to date…
Jun 25 19:28:05 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Snort OpenAppID detectors are up to date…
Jun 25 19:28:04 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Snort VRT rules are up to date…
Jun 25 19:28:03 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Downloading and updating configured rule types…
Jun 25 19:28:03 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Configuration version is current…
Jun 25 19:28:03 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Checking configuration settings version…
Jun 25 19:28:03 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Saved settings detected… rebuilding installation with saved settings...
Jun 25 19:27:29 check_reload_status: Syncing firewall
Jun 25 19:27:27 php-fpm[97819]: /pkg_mgr_install.php: Beginning package installation for snort .
Jun 25 19:27:26 check_reload_status: Syncing firewall
Jun 25 19:27:25 check_reload_status: Syncing firewall
Jun 25 19:27:24 check_reload_status: Syncing firewall
Jun 25 19:27:17 php-fpm[13372]: /snort/snort_interfaces.php: The command '/usr/pbi/snort-amd64/bin/snort -R 23488 -D -q –suppress-config-log -l /var/log/snort/snort_em023488 --pid-path /var/run --nolock-pidfile -G 23488 -c /usr/pbi/snort-amd64/etc/snort/snort_23488_em0/snort.conf -i em0' returned exit code '9', the output was ''
Jun 25 19:27:17 php-fpm[57316]: /snort/snort_interfaces.php: The command '/usr/pbi/snort-amd64/bin/snort -R 23488 -D -q –suppress-config-log -l /var/log/snort/snort_em023488 --pid-path /var/run --nolock-pidfile -G 23488 -c /usr/pbi/snort-amd64/etc/snort/snort_23488_em0/snort.conf -i em0' returned exit code '9', the output was ''
Jun 25 19:27:13 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Snort STOP for all interfaces…
Jun 25 19:27:13 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Snort package uninstall in progress… -
Hi, did you give it some time to settle? Some times it needs some minutes to restart all the rules.
Also you could try to reboot.
-
Hi Talos,
After I upgraded to 2.2.3 I clicked several times on the cross on the interface to start Snort. Everytime the browser timed out. Then I rebooted and tried again to start Snort stil no succes. Then I reinstalled Snort and again the browser timed out at te Snort starting fase.
Few minutes ago I refreshed the browser wich started again the reinstall of snort and is still running at the moment or wel the browser is waiting while Snort should be starting. I wil wait longer this time but does it make sense to wait after the browser timed out?
-
Well i am still a noob my self but snort can be hard on old hardware.
What are your machines specs. Are you running nanobsd? cf cards are slow you know! -
Hello Talos,
I solved it. Before I used the option "reinstall snort" but after 2 times reinstalling with no succes I used the option "uninstall Snort" instead of reinstall. After I uninstalled it I installed it again and after that Snort started right away and all my settings are saved and its working again like before pffffww ;)
I don't have an old system. I have a SuperMicro mini-itx board with 4gb ram, 30gb ssd, 2 Intel gbit nics.
Thank you Talos even if you're also stil a novice like me your advise was still appreciated because it made me realise to wait longer maybe I was to impatient.
-
Groovy man, thank you for sharing! :-)
-
Hmm, no issues with Snort on my setup after updating to 2.2.3… but reinstall usually fixes issues.