4. Snort turning itself OFF

Snort turning itself OFF

  • G

    Hi
    I noticed Snort turned itself off past few days after rules update. Rules update success but found Snort is stopped???
    Not good at all. I was OK before even if rules update failed, it's never stopped by itself. I ran Snort package update 2 day ago but it still doing that.
    Is anybody have same issue? What might be wrong or changed?
    Thanks.

    PS. i have Snort logs setup on local system (SSD) and checked log size option are limited. Log exceed memory should not be an issue.

    0

  • @gryest:

    Hi
    I noticed Snort turned itself off past few days after rules update. Rules update success but found Snort is stopped???
    Not good at all. I was OK before even if rules update failed, it's never stopped by itself. I ran Snort package update 2 day ago but it still doing that.
    Is anybody have same issue? What might be wrong or changed?
    Thanks.

    PS. i have Snort logs setup on local system (SSD) and checked log size option are limited. Log exceed memory should not be an issue.

    Have you looked back through your firewall's system log to see what, if any, messages might have been logged by Snort as it restarted from the rules update?  The most likely possibility is a rule syntax error of some sort with one of your enabled rules (or even a newly added rule).  Those happen from time to time as the rules are modified by the authors/vendors.

    Bill

    0
  • R

    This happened to me yesterday as well. When I checked the interface, snort was stopped. I simply restarted and all is well. These issue happen so rarely and typically fix themselves, so that I am neither worried nor inclined to start a research project over this issue.

    0
  • G

    @bmeeks:

    @gryest:

    Hi
    I noticed Snort turned itself off past few days after rules update. Rules update success but found Snort is stopped???
    Not good at all. I was OK before even if rules update failed, it's never stopped by itself. I ran Snort package update 2 day ago but it still doing that.
    Is anybody have same issue? What might be wrong or changed?
    Thanks.

    PS. i have Snort logs setup on local system (SSD) and checked log size option are limited. Log exceed memory should not be an issue.

    Have you looked back through your firewall's system log to see what, if any, messages might have been logged by Snort as it restarted from the rules update?  The most likely possibility is a rule syntax error of some sort with one of your enabled rules (or even a newly added rule).  Those happen from time to time as the rules are modified by the authors/vendors.

    Bill

    Yes, I did. Rules update happened 00:07. Before that Snort shows some ping IP ("Misc Attacks") Log Alerts. After 00:07 nothing until I restarted snort in the morning. No any records in the system log. I will check logs if it's happen again.
    Thanks.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy