Snort 2.8.2.6 broken?
-
Hi all
I have upgraded to the new Snort 2.8.2.6 on pfSense 1.2.2.
When I start Snort with more than one interface selected, it will not start.
If I select only one interface (WAN), the service starts. But if I go to the settings page of Snort and also select the box "Block offenders" and click Save, Snort will not start any more.
Is Snort broken or am I doing something wrong?
greetings GaXy
-
Hello,
It looks like I am facing the same problem with a pfSense cluster (1.2.1 RC2)…
The Snort would start up only after reboot. While working, it shows the intercepted packets but does not block the IPs...
After a manual restart (of Snort only), it doesn't start.
There are no errors in the logs, although I see doubled info in the logs (partial log below):
Feb 13 17:15:54 pfcodix snort[18674]: ===============================================================================
Feb 13 17:15:54 pfcodix snort[18674]: ===============================================================================
Feb 13 17:15:54 pfcodix snort[18674]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
Feb 13 17:15:54 pfcodix snort[18674]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
Feb 13 17:15:54 pfcodix snort[18674]: POST methods: 0
Feb 13 17:15:54 pfcodix snort[18674]: POST methods: 0
Feb 13 17:15:54 pfcodix snort[18674]: GET methods: 4
Feb 13 17:15:54 pfcodix snort[18674]: GET methods: 4
Feb 13 17:15:54 pfcodix snort[18674]: Post parameters extracted: 0
Feb 13 17:15:54 pfcodix snort[18674]: Post parameters extracted: 0
Feb 13 17:15:54 pfcodix snort[18674]: Unicode: 0
Feb 13 17:15:54 pfcodix snort[18674]: Unicode: 0
Feb 13 17:15:54 pfcodix snort[18674]: Double unicode: 0
Feb 13 17:15:54 pfcodix snort[18674]: Double unicode: 0
Feb 13 17:15:54 pfcodix snort[18674]: Non-ASCII representable: 0
Feb 13 17:15:54 pfcodix snort[18674]: Non-ASCII representable: 0
Feb 13 17:15:54 pfcodix snort[18674]: Base 36: 0
Feb 13 17:15:54 pfcodix snort[18674]: Base 36: 0
Feb 13 17:15:54 pfcodix snort[18674]: Directory traversals: 0
Feb 13 17:15:54 pfcodix snort[18674]: Directory traversals: 0
Feb 13 17:15:54 pfcodix snort[18674]: Extra slashes ("//"): 0
Feb 13 17:15:54 pfcodix snort[18674]: Extra slashes ("//"): 0
Feb 13 17:15:54 pfcodix snort[18674]: Self-referencing paths ("./"): 0
Feb 13 17:15:54 pfcodix snort[18674]: Self-referencing paths ("./"): 0
Feb 13 17:15:54 pfcodix snort[18674]: Total packets processed: 52
Feb 13 17:15:54 pfcodix snort[18674]: Total packets processed: 52
Feb 13 17:15:54 pfcodix snort[18674]: ===============================================================================
Feb 13 17:15:54 pfcodix snort[18674]: ===============================================================================
Feb 13 17:15:54 pfcodix snort[18674]: Snort exiting
Feb 13 17:15:54 pfcodix snort[18674]: Snort exiting
Reinstalling the package does not help.
Anything to try out?
Regards,
linch
-
I am having the same problem in 1.2.3. It looks like a change in 2.8.2.6 made it unable to start on my dual-WAN setup.
I had to deselect my second WAN port and deselect "automatically block offenders".
-
And any news on that?
-
I would also like to state that I am having the same problem. I am unable to update and no errors seem to be created.
Anyone have any ideas or is this something that is being checked out? Is there anything I can test?
-
Hi guys,
The fix is:
http://forum.pfsense.org/index.php/topic,14424.0.html
An & sign into the startup script… I have it running fine now :D