Snort 504 Timeout Error



  • Starting either LAN/WAN interface for Snort results in a 504 Gateway Time-out error after 2-3 minutes of loading. The snort interfaces will eventually start after two or three goes of this. I recently upgraded from 2.2.x to 2.3.1-p5 and had not had this problem in the past. The snort package is running on the latest version that pfsense supports.

    Disabling all of the VRT/ET signature categories seems to work and load times are relatively quick. Is there anyway around this? I don't believe this is related to a lack of resources. 4/8GB of RAM is available and CPU usage peaks at 40%. This is running on a 120GB SSD.

    Is there a log file I can tail while attempting to start interfaces to narrow down the issue?



  • Nevermind. After the 504 time-out, if I wait another two or three minutes it will eventually start. There's no need to start it multiple times. I guess it's due to my weak single core specs and snort being single threaded.



  • same error for me also

    Starting rules update…  Time: 2016-07-12 11:06:35
    Downloading Snort VRT rules md5 file snortrules-snapshot-2983.tar.gz.md5...
    Snort VRT rules md5 download failed.
    Server returned error code 403.
    Server error message was: 403 Forbidden
    Snort VRT rules will not be updated.
    Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
    Snort OpenAppID detectors md5 download failed.
    Server returned error code 403.
    Server error message was: 403 Forbidden
    Snort OpenAppID detectors will not be updated.
    Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
    Snort GPLv2 Community Rules md5 download failed.
    Server returned error code 403.
    Server error message was: 403 Forbidden
    Snort GPLv2 Community Rules will not be updated.
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Checking Emerging Threats Open rules md5 file...
    There is a new set of Emerging Threats Open rules posted.
    Downloading file 'emerging.rules.tar.gz'...
    Done downloading rules file.
    Extracting and installing Emerging Threats Open rules...
    Installation of Emerging Threats Open rules completed.
    Copying new config and map files...
    Updating rules configuration for: WAN ...
    Updating rules configuration for: LAN ...
    Restarting Snort to activate the new set of rules...
    Snort has restarted with your new set of rules.
    The Rules update has finished.  Time: 2016-07-12 11:07:08

    snort security 3.2.9.1_14