3. Snort - Interfaces Shut Down

Snort - Interfaces Shut Down

  • S

    Hello,

    I have an issue where my snort interfaces will shut down on their own after an automatic update. It doesn't always happen, but at least once ever few days. In the system log it goes like this:

    Jun 20 12:05:01 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2983.tar.gz…
    Jun 20 12:05:48 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Snort VRT rules file update downloaded successfully
    Jun 20 12:06:07 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz…
    Jun 20 12:06:29 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Snort GPLv2 Community Rules file update downloaded successfully
    Jun 20 12:06:35 kernel pid 86296 (snort), uid 0: exited on signal 11
    Jun 20 12:06:35 kernel bce0: promiscuous mode disabled
    Jun 20 12:06:35 kernel pid 86764 (snort), uid 0: exited on signal 11
    Jun 20 12:06:35 kernel igb3: promiscuous mode disabled

    I'm on pfSense 2.3.4. My Snort configuration is pretty basic. Anyone else experiencing this? Know a fix? A workaround?

    Thanks!

    0

  • @sg83:

    … Anyone else experiencing this? Know a fix? A workaround?

    I don't know what snort is but have a look at this this Google : snort signal 11

    edit : Btw : What do you mean with "the interface goes down" ?
    Your logs tell me that snort updates, and then, understandable, it looks like that it want to restart.
    Or; it stops , ok, but won't start again - and nothing is explaining why …

    0
  • S

    Snort is for IDS/IPS.

    Yeah I've checked all those threads and none offer working solutions.

    When I say the "snort interfaces will shut down", I don't mean the actual true LAN/WAN interfaces on pfSense. In Snort, you set up which interfaces you want to monitor with Snort, and those are your "snort interfaces". I agree that after the auto update runs, it would want to recycle the "snort interfaces". It shuts them down alright. They don't come back up without manual intervention.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy