Snort 2.8.2.6 broken?



  • Hi all

    I have upgrade to the new snort 2.8.2.6 on pfsense 1.2.2

    When i start snort with more than one interface selectet it will not start.
    if i select only one interface (WAN) the service start.

    but if i go to the settings page of snort and also select the box "Block offenders" and click safe, snort will not start any more.

    Is snort broken or do i something wrong?

    greetings GaXy



  • Hello,

    It looks like I am facing the same problem with a PFsense cluster (1.2.1 RC2)…

    the Snort would start up only after reboot. While working - shows the intercepted packets but does not block the IPs...

    After a manual restart (of the snort only) - it doesn't start.

    there are no errors in the logs. Although I see doubled info in the logs (partial log below):

    Feb 13 17:15:54 pfcodix snort[18674]: ===============================================================================
    Feb 13 17:15:54 pfcodix snort[18674]: ===============================================================================
    Feb 13 17:15:54 pfcodix snort[18674]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
    Feb 13 17:15:54 pfcodix snort[18674]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
    Feb 13 17:15:54 pfcodix snort[18674]:     POST methods:                   0
    Feb 13 17:15:54 pfcodix snort[18674]:     POST methods:                   0
    Feb 13 17:15:54 pfcodix snort[18674]:     GET methods:                    4
    Feb 13 17:15:54 pfcodix snort[18674]:     GET methods:                    4
    Feb 13 17:15:54 pfcodix snort[18674]:     Post parameters extracted:      0
    Feb 13 17:15:54 pfcodix snort[18674]:     Post parameters extracted:      0
    Feb 13 17:15:54 pfcodix snort[18674]:     Unicode:                        0
    Feb 13 17:15:54 pfcodix snort[18674]:     Unicode:                        0
    Feb 13 17:15:54 pfcodix snort[18674]:     Double unicode:                 0
    Feb 13 17:15:54 pfcodix snort[18674]:     Double unicode:                 0
    Feb 13 17:15:54 pfcodix snort[18674]:     Non-ASCII representable:        0
    Feb 13 17:15:54 pfcodix snort[18674]:     Non-ASCII representable:        0
    Feb 13 17:15:54 pfcodix snort[18674]:     Base 36:                        0
    Feb 13 17:15:54 pfcodix snort[18674]:     Base 36:                        0
    Feb 13 17:15:54 pfcodix snort[18674]:     Directory traversals:           0
    Feb 13 17:15:54 pfcodix snort[18674]:     Directory traversals:           0
    Feb 13 17:15:54 pfcodix snort[18674]:     Extra slashes ("//"):           0
    Feb 13 17:15:54 pfcodix snort[18674]:     Extra slashes ("//"):           0
    Feb 13 17:15:54 pfcodix snort[18674]:     Self-referencing paths ("./"):  0
    Feb 13 17:15:54 pfcodix snort[18674]:     Self-referencing paths ("./"):  0
    Feb 13 17:15:54 pfcodix snort[18674]:     Total packets processed:        52
    Feb 13 17:15:54 pfcodix snort[18674]:     Total packets processed:        52
    Feb 13 17:15:54 pfcodix snort[18674]: ===============================================================================
    Feb 13 17:15:54 pfcodix snort[18674]: ===============================================================================
    Feb 13 17:15:54 pfcodix snort[18674]: Snort exiting
    Feb 13 17:15:54 pfcodix snort[18674]: Snort exiting

    Reinstalling the package does not help.

    Anything to try out?

    Regards,
    linch



  • I am having the same problem in 1.2.3 looks like a change in 2.8.2.6 made it unable to start on my dual wan setup

    I had to deselect my second wan port and deselect automaticly block offenders



  • and any news on that ?



  • I would also like to state that I am having the same problem. I am unable to update and no errors seem to be created.

    Anyone have any ideas or is this something that is being checked out? Is there anything I can test?



  • Hi guys,

    The fix is:

    http://forum.pfsense.org/index.php/topic,14424.0.html

    An & sign into the startup script… I have it running fine now :D


Locked