Snort - Interfaces Shut Down
-
Hello,
I have an issue where my snort interfaces will shut down on their own after an automatic update. It doesn't always happen, but at least once ever few days. In the system log it goes like this:
Jun 20 12:05:01 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2983.tar.gz…
Jun 20 12:05:48 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Snort VRT rules file update downloaded successfully
Jun 20 12:06:07 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz…
Jun 20 12:06:29 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Snort GPLv2 Community Rules file update downloaded successfully
Jun 20 12:06:35 kernel pid 86296 (snort), uid 0: exited on signal 11
Jun 20 12:06:35 kernel bce0: promiscuous mode disabled
Jun 20 12:06:35 kernel pid 86764 (snort), uid 0: exited on signal 11
Jun 20 12:06:35 kernel igb3: promiscuous mode disabledI'm on pfSense 2.3.4. My Snort configuration is pretty basic. Anyone else experiencing this? Know a fix? A workaround?
Thanks!
-
… Anyone else experiencing this? Know a fix? A workaround?
I don't know what snort is but have a look at this this Google : snort signal 11
edit : Btw : What do you mean with "the interface goes down" ?
Your logs tell me that snort updates, and then, understandable, it looks like that it want to restart.
Or; it stops , ok, but won't start again - and nothing is explaining why … -
Snort is for IDS/IPS.
Yeah I've checked all those threads and none offer working solutions.
When I say the "snort interfaces will shut down", I don't mean the actual true LAN/WAN interfaces on pfSense. In Snort, you set up which interfaces you want to monitor with Snort, and those are your "snort interfaces". I agree that after the auto update runs, it would want to recycle the "snort interfaces". It shuts them down alright. They don't come back up without manual intervention.