Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort and pfblockerNG-devel

    Scheduled Pinned Locked Moved IDS/IPS
    3 Posts 2 Posters 438 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • fireodoF
      fireodo
      last edited by fireodo

      Hi Bill,

      yesterday pfblockerNG-devel has get an update (2.2.5_33 -> 2.2.5_34) and this morning I saw that after the Wan periodic reconnection (occurs each night on 01:10 by executing this script: /var/etc/pppoe_restart_pppoe0) that Snort isn't running anymore. Started by hand it runs flawlessly. Then I made a test executing the above script by the cli and Snort did not start again.
      Then I reinstalled Snort and ... everything is running after a reconnect as expected.
      Maybe you can tell me (only for my mind sake) what could happend when pfblocker has updated that interfered with Snort?

      Thanks again,
      fireodo

      Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
      SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
      pfsense 2.8.0 CE
      Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        Well, without some kind of error message indicating why Snort did not restart, I can't really help you. When you have a situation like that, if Snort will not restart from the GUI, then exit to a shell prompt and run this command:

        /usr/local/bin/snort -V

        That should result in Snort starting, quickly showing the version and then exiting. Otherwise, some potentially useful error messages will appear.

        Posting the output of that plus anything you find relevant in the system log can help me diagnose the potential problem. Just telling me Snort would not restart gives me nothing to work with.

        My first guess, and this is purely a guess since there are no error messages to confirm my suspicion, is that the pfBlockerNG-devel package update swapped out some shared library that Snort uses. That could have caused a library version conflict. Reinstalling Snort would have brought back the correct library setup. But this is just a pure guess without any supporting evidence since I don't know what error message was being printed.

        fireodoF 1 Reply Last reply Reply Quote 0
        • fireodoF
          fireodo @bmeeks
          last edited by

          @bmeeks said in Snort and pfblockerNG-devel:

          Well, without some kind of error message indicating why Snort did not restart, I can't really help you. When you have a situation like that, if Snort will not restart from the GUI, then exit to a shell prompt and run this command:

          There was no error - it simply was not starting automatically as expected! Starting manually was without errors.

          My first guess, and this is purely a guess since there are no error messages to confirm my suspicion, is that the pfBlockerNG-devel package update swapped out some shared library that Snort uses. That could have caused a library version conflict. Reinstalling Snort would have brought back the correct library setup. But this is just a pure guess without any supporting evidence since I don't know what error message was being printed.

          This is something I thought too - thanks for confirming my thoughts!

          Have a fine Weekend,
          fireodo

          Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
          SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
          pfsense 2.8.0 CE
          Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.