-
Hello all,
Snort was working fine up until recentlly. I am now getting this error and it fails to start:
FATAL ERROR: /usr/local/etc/snort/snort_6119_ue0/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.
I saw a thread from a few years ago that stated:
"I found that if you disable the HTTP Inspect component, that ignores the IIS Unicode map and starts Snort without issue.
Here's how you disable it: Snort Interface -> Edit your Interface, (mine is named WAN)-> Select the <wan>Preprocs tab, navigate to the HTTP Inspect section and UNCHECK it. That will allow your snort IDS to start back up without issue. "
It does work but, but when I re-enable it the error returns.
I tried to reinstall the package and got no love.
Any thoughts or suggestions?</wan>
-
What version of Snort and pfSense are you running? That is a Snort system file, but it is also updated each time a rules package download occurs. Are your Snort rules updates completing successfully?
Bill
-
I apologize about the lack of info it is below. As far as I can tell the updating is working (log below).
pfSense: 2.4.3-RELEASE (amd64)
built on Mon Mar 26 18:02:04 CDT 2018
FreeBSD 11.1-RELEASE-p7snort:3.2.9.6_1
Manage Rule Set Log:
Starting rules update… Time: 2018-01-14 03:26:58
Downloading Snort VRT rules md5 file snortrules-snapshot-2990.tar.gz.md5...
Checking Snort VRT rules md5 file...
There is a new set of Snort VRT rules posted.
Downloading file 'snortrules-snapshot-2990.tar.gz'...
Done downloading rules file.
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
Checking Snort GPLv2 Community Rules md5 file...
There is a new set of Snort GPLv2 Community Rules posted.
Downloading file 'community-rules.tar.gz'...
Done downloading rules file.
Extracting and installing Snort VRT rules...
Using Snort VRT precompiled SO rules for FreeBSD-10-0 ...
Installation of Snort VRT rules completed.
Extracting and installing Snort GPLv2 Community Rules...
Installation of Snort GPLv2 Community Rules completed.
Copying new config and map files...
Updating rules configuration for: WAN ...
The Rules update has finished. Time: 2018-01-14 03:27:36Starting rules update... Time: 2018-05-02 07:56:00
Downloading Snort Subscriber rules md5 file snortrules-snapshot-2990.tar.gz.md5...
Checking Snort Subscriber rules md5 file...
There is a new set of Snort Subscriber rules posted.
Downloading file 'snortrules-snapshot-2990.tar.gz'...
Done downloading rules file.
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
Checking Snort GPLv2 Community Rules md5 file...
There is a new set of Snort GPLv2 Community Rules posted.
Downloading file 'community-rules.tar.gz'...
Done downloading rules file.
Extracting and installing Snort Subscriber Ruleset...
Using Snort Subscriber precompiled SO rules for FreeBSD-10-0 ...
Installation of Snort Subscriber rules completed.
Extracting and installing Snort GPLv2 Community Rules...
Installation of Snort GPLv2 Community Rules completed.
Copying new config and map files...
Updating rules configuration for: WAN ...
The Rules update has finished. Time: 2018-05-02 07:56:26Starting rules update... Time: 2018-05-02 10:08:45
Downloading Snort Subscriber rules md5 file snortrules-snapshot-29111.tar.gz.md5...
Checking Snort Subscriber rules md5 file...
There is a new set of Snort Subscriber rules posted.
Downloading file 'snortrules-snapshot-29111.tar.gz'...
Done downloading rules file.
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
Checking Snort GPLv2 Community Rules md5 file...
There is a new set of Snort GPLv2 Community Rules posted.
Downloading file 'community-rules.tar.gz'...
Done downloading rules file.
Extracting and installing Snort Subscriber Ruleset...
Using Snort Subscriber precompiled SO rules for FreeBSD-10-0 ...
Installation of Snort Subscriber rules completed.
Extracting and installing Snort GPLv2 Community Rules...
Installation of Snort GPLv2 Community Rules completed.
Copying new config and map files...
Updating rules configuration for: WAN ...
The Rules update has finished. Time: 2018-05-02 10:09:13Thanks
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.