Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort - Interfaces Shut Down

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 994 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sg83
      last edited by

      Hello,

      I have an issue where my snort interfaces will shut down on their own after an automatic update. It doesn't always happen, but at least once ever few days. In the system log it goes like this:

      Jun 20 12:05:01 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2983.tar.gz…
      Jun 20 12:05:48 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Snort VRT rules file update downloaded successfully
      Jun 20 12:06:07 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz…
      Jun 20 12:06:29 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Snort GPLv2 Community Rules file update downloaded successfully
      Jun 20 12:06:35 kernel pid 86296 (snort), uid 0: exited on signal 11
      Jun 20 12:06:35 kernel bce0: promiscuous mode disabled
      Jun 20 12:06:35 kernel pid 86764 (snort), uid 0: exited on signal 11
      Jun 20 12:06:35 kernel igb3: promiscuous mode disabled

      I'm on pfSense 2.3.4. My Snort configuration is pretty basic. Anyone else experiencing this? Know a fix? A workaround?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        @sg83:

        … Anyone else experiencing this? Know a fix? A workaround?

        I don't know what snort is but have a look at this this Google : snort signal 11

        edit : Btw : What do you mean with "the interface goes down" ?
        Your logs tell me that snort updates, and then, understandable, it looks like that it want to restart.
        Or; it stops , ok, but won't start again - and nothing is explaining why …

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • S
          sg83
          last edited by

          Snort is for IDS/IPS.

          Yeah I've checked all those threads and none offer working solutions.

          When I say the "snort interfaces will shut down", I don't mean the actual true LAN/WAN interfaces on pfSense. In Snort, you set up which interfaces you want to monitor with Snort, and those are your "snort interfaces". I agree that after the auto update runs, it would want to recycle the "snort interfaces". It shuts them down alright. They don't come back up without manual intervention.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.