Snort 18.104.22.168_16 Won't Start
arch113 last edited by
Updated SNORT to 22.214.171.124_16 from 126.96.36.199_15 today and now the service will not start. Get the following error in one of the System logs:
FATAL ERROR: /usr/local/etc/snort/snort_18589_em0/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.
reinstalled, no joy
uninstalled, reinstalled, no joy
prior version had been running trouble free since installation.
Feb 7 16:36:17 php-fpm 2895 /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 3567 -D -q --suppress-config-log -l /var/log/snort/snort_igb13567 --pid-path /var/run --nolock-pidfile -G 3567 -c /usr/local/etc/snort/snort_3567_igb1/snort.conf -i igb1' returned exit code '1', the output was ''
Feb 7 16:36:17 snort 32649 FATAL ERROR: /usr/local/etc/snort/snort_3567_igb1/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.
update, working now.
I uninstalled one more time. Then manually deleted some of the snort scripts, files and directories. On the subsequent reload, the package installed with no errors in the package and started correctly.
However, these 3 rules failed to download. I wait for results when regular downloads run as scheduled.
Snort VRT Rules
Snort GPLv2 Community Rules
Snort OpenAppID Detectors