Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort 504 Timeout Error

    Scheduled Pinned Locked Moved IDS/IPS
    3 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MK247
      last edited by

      Starting either LAN/WAN interface for Snort results in a 504 Gateway Time-out error after 2-3 minutes of loading. The snort interfaces will eventually start after two or three goes of this. I recently upgraded from 2.2.x to 2.3.1-p5 and had not had this problem in the past. The snort package is running on the latest version that pfsense supports.

      Disabling all of the VRT/ET signature categories seems to work and load times are relatively quick. Is there anyway around this? I don't believe this is related to a lack of resources. 4/8GB of RAM is available and CPU usage peaks at 40%. This is running on a 120GB SSD.

      Is there a log file I can tail while attempting to start interfaces to narrow down the issue?

      1 Reply Last reply Reply Quote 0
      • M
        MK247
        last edited by

        Nevermind. After the 504 time-out, if I wait another two or three minutes it will eventually start. There's no need to start it multiple times. I guess it's due to my weak single core specs and snort being single threaded.

        1 Reply Last reply Reply Quote 0
        • A
          Abhishek
          last edited by

          same error for me also

          Starting rules update…  Time: 2016-07-12 11:06:35
          Downloading Snort VRT rules md5 file snortrules-snapshot-2983.tar.gz.md5...
          Snort VRT rules md5 download failed.
          Server returned error code 403.
          Server error message was: 403 Forbidden
          Snort VRT rules will not be updated.
          Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
          Snort OpenAppID detectors md5 download failed.
          Server returned error code 403.
          Server error message was: 403 Forbidden
          Snort OpenAppID detectors will not be updated.
          Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
          Snort GPLv2 Community Rules md5 download failed.
          Server returned error code 403.
          Server error message was: 403 Forbidden
          Snort GPLv2 Community Rules will not be updated.
          Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
          Checking Emerging Threats Open rules md5 file...
          There is a new set of Emerging Threats Open rules posted.
          Downloading file 'emerging.rules.tar.gz'...
          Done downloading rules file.
          Extracting and installing Emerging Threats Open rules...
          Installation of Emerging Threats Open rules completed.
          Copying new config and map files...
          Updating rules configuration for: WAN ...
          Updating rules configuration for: LAN ...
          Restarting Snort to activate the new set of rules...
          Snort has restarted with your new set of rules.
          The Rules update has finished.  Time: 2016-07-12 11:07:08

          snort security 3.2.9.1_14

          2.3-RC (amd64)
          built on Mon Apr 04 17:09:32 CDT 2016
          FreeBSD 10.3-RELEASE
          Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

          darkstat 3.1.2_1
          Lightsquid 3.0.3_1
          mailreport 3.0_1
          pfBlockerNG 2.0.9_1  
          RRD_Summary 1.3.1_2
          snort 3.2.9.1_9  
          squid 0.4.16_1  
          squidGuard 1.14_1
          syslog-ng 1.1.2_2

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.