Snort not starting on pfsense 2.4.4 release p1
-
Hello everyone! I am having trouble getting snort to work. I was able to install the package without any problems at all. I followed the following tutorial to configure snort:
https://www.youtube.com/watch?v=-GgqYq5-EBgI have replicated the entire process and when I go to start the service it spins for a couple of seconds and then nothing.
I am attaching screenshots of the logs that I was able to collect. It shows the services started but there is an error which I am unable to understand. Anyone in the community care to shed some light ? Below are the screenshots. Thank you in advance.
-
In EXTERNAL_NET you have !any defined, not sure how you've done it.
-
@NogBadTheBad is correct. Somehow you have managed to get
!anydefined in the EXTERNAL_NET variable. I am not sure how that happened. The default value for EXTERNAL_NET is!HOME_NET.When you go to the INTERFACE SETTINGS tab for your WAN interface and click the View List button beside the EXTERNAL_NET drop-down selector, what do you see in the dialog that pops up?
-
@nogbadthebad
I saw this error message in the logs and was unsure how it happened. I didn't modify any rules. I just downloaded them as directed in the tutorials. I am working with free rules only. No paid subscription for snort rules. Any workaround for this? Kindly let me know. -
If you can't figure out how !any got there, i'd be tempted to remove snort after unticking Keep Snort Settings After Deinstal then do a re install.
I'd follow these steps to configure snort as written by @bmeeks who maintains the snort package.
https://forum.netgate.com/topic/55095/quick-snort-setup-instructions-for-new-users/147
