Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort - Interfaces Shut Down

    pfSense Packages
    2
    3
    590
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sg83 last edited by

      Hello,

      I have an issue where my snort interfaces will shut down on their own after an automatic update. It doesn't always happen, but at least once ever few days. In the system log it goes like this:

      Jun 20 12:05:01 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2983.tar.gz…
      Jun 20 12:05:48 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Snort VRT rules file update downloaded successfully
      Jun 20 12:06:07 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz…
      Jun 20 12:06:29 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Snort GPLv2 Community Rules file update downloaded successfully
      Jun 20 12:06:35 kernel pid 86296 (snort), uid 0: exited on signal 11
      Jun 20 12:06:35 kernel bce0: promiscuous mode disabled
      Jun 20 12:06:35 kernel pid 86764 (snort), uid 0: exited on signal 11
      Jun 20 12:06:35 kernel igb3: promiscuous mode disabled

      I'm on pfSense 2.3.4. My Snort configuration is pretty basic. Anyone else experiencing this? Know a fix? A workaround?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • Gertjan
        Gertjan last edited by

        @sg83:

        … Anyone else experiencing this? Know a fix? A workaround?

        I don't know what snort is but have a look at this this Google : snort signal 11

        edit : Btw : What do you mean with "the interface goes down" ?
        Your logs tell me that snort updates, and then, understandable, it looks like that it want to restart.
        Or; it stops , ok, but won't start again - and nothing is explaining why …

        No "help me" PM's please. Use the forum.

        1 Reply Last reply Reply Quote 0
        • S
          sg83 last edited by

          Snort is for IDS/IPS.

          Yeah I've checked all those threads and none offer working solutions.

          When I say the "snort interfaces will shut down", I don't mean the actual true LAN/WAN interfaces on pfSense. In Snort, you set up which interfaces you want to monitor with Snort, and those are your "snort interfaces". I agree that after the auto update runs, it would want to recycle the "snort interfaces". It shuts them down alright. They don't come back up without manual intervention.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post