Snort 3.2.9.2_16 Won't Start



  • Updated SNORT to 3.2.9.2_16 from 3.2.9.2_15 today and now the service will not start.  Get the following error in one of the System logs:

    FATAL ERROR: /usr/local/etc/snort/snort_18589_em0/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.



  • Same here… 
    reinstalled, no joy
    uninstalled, reinstalled, no joy

    prior version had been running trouble free since installation.

    Feb 7 16:36:17 php-fpm 2895 /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 3567 -D -q --suppress-config-log -l /var/log/snort/snort_igb13567 --pid-path /var/run --nolock-pidfile -G 3567 -c /usr/local/etc/snort/snort_3567_igb1/snort.conf -i igb1' returned exit code '1', the output was ''

    Feb 7 16:36:17 snort 32649 FATAL ERROR: /usr/local/etc/snort/snort_3567_igb1/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.



  • update, working now.

    I uninstalled one more time.  Then manually deleted some of the snort scripts, files and directories.  On the subsequent reload, the package installed with no errors in the package and started correctly.

    However, these 3 rules failed to download.  I wait for results when regular downloads run as scheduled.

    Snort VRT Rules
    Snort GPLv2 Community Rules
    Snort OpenAppID Detectors