Netgate Discussion Forum

    Snort no longer running

    • infosamu.it

      I've got this error in the log:

      FATAL ERROR: /usr/local/etc/snort/snort_17455_em1.5/rules/snort.rules(10922) Unable to process the IP address: [200.122.181.101,200.122.181.78,2001:40e8:0000:f091:0000:0000:0000:0100,2001:41,2001:41c8:0051:0490:feff:00ff:fe00:3214,2001:41d0:0001:777c:0200:c0a8:64b5:0000,2001:41d0:0001:81cf:0000:0000:0000:0001,2001:41d0:0001:8719:0000:0000:0000:0001,2001:41d0:0001:8b3b:0000:0000:0000:0001,2001:41d0:0002:1ecc:0000:0000:0000:0000].

      • palomar72

        Same here!

        • palomar72

          After removing the "download of Emerging Threats Open rules", and a force update of rules, Snort restarted.
          Obviously without the Emerging Threats Open rules.

          • infosamu.it

            OK, problem solved.

            If you remove the line from the file snort.rules, Snort starts again.

            • infosamu.it

              This is the line:

              alert tcp [200.122.181.101,200.122.181.78,2001:40e8:0000:f091:0000:0000:0000:0100,2001:41,2001:41c8:0051:0490:feff:00ff:fe00:3214,2001:41d0:0001:777c:0200:c0a8:64b5:0000,2001:41d0:0001:81cf:0000:0000:0000:0001,2001:41d0:0001:8719:0000:0000:0000:0001,2001:41d0:0001:8b3b:0000:0000:0000:0001,2001:41d0:0002:1ecc:0000:0000:0000:0000] any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 377"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; flowbits:set,ET.TorIP; sid:2522376; rev:4374; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag TOR, signature_severity Audit, created_at 2008_12_01, updated_at 2021_03_19;)

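A pre-flight check for the failure in this thread, as an added example that is not part of any post or of the Snort package: it scans rule text for address-list entries that do not parse as an IP or CIDR (such as the "2001:41" entry in the rule above) and reports the line number and SID of each offending rule. The function names and the sample rules are constructed for illustration, and it assumes address lists contain no whitespace.

```python
import ipaddress
import re

# Constructed sample: the rule from the thread with its address list shortened,
# plus two constructed rules that are valid.
SAMPLE_RULES = '''\
# constructed excerpt of a snort.rules file
alert tcp [200.122.181.101,200.122.181.78,2001:41,2001:41d0:0001:81cf:0000:0000:0000:0001] any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 377"; flags:S; sid:2522376; rev:4374;)
alert tcp [198.51.100.7,2001:db8::/32,!192.0.2.0/24] any -> $HOME_NET any (msg:"constructed valid list"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"constructed variable rule"; sid:1000002; rev:1;)
'''


def bad_addresses(field):
    """Return the entries of one address field that are not a valid IP or CIDR."""
    bad = []
    # Flatten nested lists and negations; assumes no whitespace inside the list.
    for entry in re.sub(r"[\[\]!]", "", field).split(","):
        if entry == "any" or entry.startswith("$"):
            continue  # keyword or variable, resolved by Snort itself
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            bad.append(entry)
    return bad


def check_rules(text):
    """Return (line_number, sid, bad_entries) for every rule with a bad address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Header: action proto src_ip src_port direction dst_ip dst_port
        header = line.split("(", 1)[0].split()
        if len(header) != 7:
            continue
        bad = bad_addresses(header[2]) + bad_addresses(header[5])
        if bad:
            sid = re.search(r"\bsid:\s*(\d+)", line)
            findings.append((lineno, sid.group(1) if sid else None, bad))
    return findings


if __name__ == "__main__":
    for lineno, sid, bad in check_rules(SAMPLE_RULES):
        print(f"line {lineno} sid {sid}: invalid address entries {bad}")
```

Running the same check over the generated snort.rules file after a rules update gives the SID to disable, instead of editing the file by hand.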
                • chrischambers @infosamu.it

                @infosamu-it said in Snort no longer running:

                I've got this error in the log:

                FATAL ERROR: /usr/local/etc/snort/snort_17455_em1.5/rules/snort.rules(10922) Unable to process the IP address: [200.122.181.101,200.122.181.78,2001:40e8:0000:f091:0000:0000:0000:0100,2001:41,2001:41c8:0051:0490:feff:00ff:fe00:3214,2001:41d0:0001:777c:0200:c0a8:64b5:0000,2001:41d0:0001:81cf:0000:0000:0000:0001,2001:41d0:0001:8719:0000:0000:0000:0001,2001:41d0:0001:8b3b:0000:0000:0000:0001,2001:41d0:0002:1ecc:0000:0000:0000:0000].

                Where are the log files so that I can check this myself?

                  • Rogerboomhouser @chrischambers

                  @chrischambers

                  From the GUI, Status > System Logs.

                    • Ramosel

                    It looks like the rule has been fixed.
                    Force an update
                    Start or restart Snort

                      • palomar72 @Ramosel

                      @ramosel Yep! Fixed. Thank you.

                        • infosamu.it

                        Yes, it works!

                          • chrischambers @Rogerboomhouser

                          @rogerboomhouser said in Snort no longer running:

                          GUI, status>system

                          Thanks for the info, and now mine is working too.
