Netgate Discussion Forum

    Snort no long running

    IDS/IPS
    13 Posts 5 Posters 1.3k Views
    • infosamu.it

      I have got the same situation.

      • infosamu.it

        I've got this error in the log:

        FATAL ERROR: /usr/local/etc/snort/snort_17455_em1.5/rules/snort.rules(10922) Unable to process the IP address: [200.122.181.101,200.122.181.78,2001:40e8:0000:f091:0000:0000:0000:0100,2001:41,2001:41c8:0051:0490:feff:00ff:fe00:3214,2001:41d0:0001:777c:0200:c0a8:64b5:0000,2001:41d0:0001:81cf:0000:0000:0000:0001,2001:41d0:0001:8719:0000:0000:0000:0001,2001:41d0:0001:8b3b:0000:0000:0000:0001,2001:41d0:0002:1ecc:0000:0000:0000:0000].

        • palomar72

          Same here!

          • palomar72

            After removing the "download of Emerging Threats Open rules", and a force update of rules, Snort restarted.
            Obviously without the Emerging Threats Open rules.

            • infosamu.it

              OK, problem solved.

              If you remove the line from the file snort.rules, Snort starts again.

              • infosamu.it

                This is the line:

                alert tcp [200.122.181.101,200.122.181.78,2001:40e8:0000:f091:0000:0000:0000:0100,2001:41,2001:41c8:0051:0490:feff:00ff:fe00:3214,2001:41d0:0001:777c:0200:c0a8:64b5:0000,2001:41d0:0001:81cf:0000:0000:0000:0001,2001:41d0:0001:8719:0000:0000:0000:0001,2001:41d0:0001:8b3b:0000:0000:0000:0001,2001:41d0:0002:1ecc:0000:0000:0000:0000] any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 377"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; flowbits:set,ET.TorIP; sid:2522376; rev:4374; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag TOR, signature_severity Audit, created_at 2008_12_01, updated_at 2021_03_19;)

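Added example, not part of any post in this thread and not Snort or pfSense code: a pre-flight check that scans a rules file for address-list entries that do not parse as an IP address or CIDR block, such as the incomplete `2001:41` entry in the rule quoted above. It assumes rule headers contain no whitespace inside bracketed lists and uses Python's `ipaddress` module as an approximation of Snort's own address parser; the function names and the sample rules (with constructed sids) are hypothetical.

```python
import ipaddress
import re

# Rule header layout: action proto src sport direction dst dport (options...)
HEADER = re.compile(
    r"^\s*(?:alert|log|pass|drop|reject|sdrop)\s+\S+\s+"
    r"(?P<src>\S+)\s+\S+\s+(?:->|<>)\s+(?P<dst>\S+)\s+\S+\s*\("
)

def bad_addresses(field):
    """Return literal entries of one address field that are not valid IPs or CIDR blocks."""
    bad = []
    for entry in re.split(r"[\[\],]", field):   # flattens nested [a,[b,c]] lists
        entry = entry.lstrip("!")                # negation does not affect validity
        if not entry or entry == "any" or entry.startswith("$"):
            continue                             # keywords and variables are not checked
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            bad.append(entry)
    return bad

def check_rules(lines):
    """Return [(line_number, [bad entries])] for rules with unparsable addresses."""
    findings = []
    for number, line in enumerate(lines, start=1):
        if line.lstrip().startswith("#"):
            continue                             # disabled rule or comment
        match = HEADER.match(line)
        if not match:
            continue
        bad = bad_addresses(match["src"]) + bad_addresses(match["dst"])
        if bad:
            findings.append((number, bad))
    return findings

# Constructed sample: shortened rules in the style of the one quoted in the thread.
SAMPLE_RULES = [
    '# constructed sample rules',
    'alert tcp [200.122.181.101,200.122.181.78] any -> $HOME_NET any (msg:"sample ok"; sid:1000001; rev:1;)',
    'alert tcp [200.122.181.78,2001:40e8:0000:f091:0000:0000:0000:0100,2001:41] any -> $HOME_NET any (msg:"sample truncated entry"; sid:1000002; rev:1;)',
]

if __name__ == "__main__":
    for number, bad in check_rules(SAMPLE_RULES):
        print(f"line {number}: unparsable address entries: {', '.join(bad)}")
```

Running such a check over a freshly downloaded rules file before restarting the sensor reports the offending line number up front, instead of the sensor exiting with a fatal error at startup.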
                • chrischambers @infosamu.it

                  @infosamu-it said in Snort no long running:

                  I've got this error in the log:

                  FATAL ERROR: /usr/local/etc/snort/snort_17455_em1.5/rules/snort.rules(10922) Unable to process the IP address: [200.122.181.101,200.122.181.78,2001:40e8:0000:f091:0000:0000:0000:0100,2001:41,2001:41c8:0051:0490:feff:00ff:fe00:3214,2001:41d0:0001:777c:0200:c0a8:64b5:0000,2001:41d0:0001:81cf:0000:0000:0000:0001,2001:41d0:0001:8719:0000:0000:0000:0001,2001:41d0:0001:8b3b:0000:0000:0000:0001,2001:41d0:0002:1ecc:0000:0000:0000:0000].

                  Where are the log files so that I can check this myself?

                  • Rogerboomhouser @chrischambers

                    @chrischambers

                    From the GUI, status>system logs.

                    • Ramosel

                      It looks like the rule has been fixed.
                      Force an update
                      Start or restart Snort

                      • palomar72 @Ramosel

                        @ramosel Yep! fixed. Thank you.

                        • infosamu.it

                          Yes, it works!

                          • chrischambers @Rogerboomhouser

                            @rogerboomhouser said in Snort no long running:

                            GUI, status>system

                            Thanks for the info, and now mine is working too.
