Netgate Discussion Forum

    Snort LAN Alert

    IDS/IPS
    18 Posts 2 Posters 1.7k Views
      slim2016

      Yes, I'm getting WAN and LAN alerts. I did remove the package then reinstalled it but that didn't make any difference. I'll do it again and make sure that I reboot after each operation.

        bmeeks

        @slim2016:

        Yes, I'm getting WAN and LAN alerts. I did remove the package then reinstalled it but that didn't make any difference. I'll do it again and make sure that I reboot after each operation.

        In your case, just in the event your current Snort configuration is borked somehow, uncheck that "Save Settings" checkbox so Snort will remove the current configuration when the package uninstall routine runs. Then when you reinstall, it will be a virgin installation with no pre-existing configuration. As long as the "Save Settings" box is checked (and checked is the default), the configuration information will be saved and used again when the package is reinstalled. So any corruption, if present, will keep coming back.

        Bill

          slim2016

          I did as you said and I just checked the logs, see the attached pic. Loads of snort LAN alerts.

          ![Screen Shot 2018-01-24 at 22.24.40.png](/public/imported_attachments/1/Screen Shot 2018-01-24 at 22.24.40.png)

            slim2016

            I would like to add that even though I unticked the box in GLOBAL SETTINGS "Keep Snort Settings After Deinstall", after rebooting and reinstalling Snort my configuration was still there. I didn't have to insert my Snort code and I didn't have to add the WAN interface because it was already there. The only thing I had to do was to download the rule and start Snort.

              bmeeks

              @slim2016:

              I would like to add that even though I unticked the box in GLOBAL SETTINGS "Keep Snort Settings After Deinstall", after rebooting and reinstalling Snort my configuration was still there. I didn't have to insert my Snort code and I didn't have to add the WAN interface because it was already there. The only thing I had to do was to download the rule and start Snort.

              You have a demon in that box!  :D.  That should never happen.  With that box unchecked (and I assume you did a "Save" after unchecking it), Snort deletes the entire Snort configuration section of your config.xml file for the firewall.  That removes everything for Snort including Oinkmaster code, rule selections, interfaces and everything; even including log files.

              So if that did not happen, I am truly and fully perplexed.  Are you sure you clicked SAVE at the bottom of the GLOBAL SETTINGS page when you unchecked that "save settings" checkbox before doing the uninstall?

              Bill

                slim2016

                Yes 100%, I triple checked, because I remember the first time I removed the package it did the same.

                I think the best thing to do is save the config.xml and do a fresh install; I think it's the easiest and quickest method to fix the problem.

                  bmeeks

                  @slim2016:

                  Yes 100%, I triple checked, because I remember the first time I removed the package it did the same.

                  I think the best thing to do is save the config.xml and do a fresh install; I think it's the easiest and quickest method to fix the problem.

                  Don't import that saved config or you will bring the problem right back.  Everything for Snort is contained in that config file.  So if it is corrupted in some fashion and you import the saved one into a fresh install, your fresh install is going to get corrupted again.

                  Bill

                    slim2016

                    I did a fresh install. I installed squid, then squidguard and then Snort, and I'm still getting LAN alerts.

                    ![Screen Shot 2018-01-26 at 12.26.05.png](/public/imported_attachments/1/Screen Shot 2018-01-26 at 12.26.05.png)

                      bmeeks

                      @slim2016:

                      I did a fresh install. I installed squid, then squidguard and then Snort, and I'm still getting LAN alerts.

                      What is showing on your ALERTS tab in Snort for the LAN?  Your screenshot is from the firewall system log.

                      Bill

                        slim2016

                        There are no LAN alerts in snort alert tab. I've just left it as it is, everything is working just fine.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.