Snort not starting?



  • How can I find out why it's not starting?

    Edit = found out

    Aug 14 21:02:04	php		/tmp/snort_em037606_startcmd.php: [Snort] Updating rules configuration for: WAN ...
    Aug 14 21:02:06	php		/tmp/snort_em037606_startcmd.php: [Snort] Enabling any flowbit-required rules for: WAN...
    Aug 14 21:02:06	php		/tmp/snort_em037606_startcmd.php: [Snort] Building new sid-msg.map file for WAN...
    Aug 14 21:02:06	php		/tmp/snort_em037606_startcmd.php: [Snort] Snort START for WAN(em0)...
    Aug 14 21:02:06	php-fpm	339	/snort/snort_interfaces.php: Starting Snort on WAN(em0) per user request...
    Aug 14 21:02:06	php		/tmp/snort_em037606_startcmd.php: [Snort] Updating rules configuration for: WAN ...
    Aug 14 21:02:07	snort	54172	FATAL ERROR: /usr/local/etc/snort/snort_37606_em0/rules/snort.rules(6384) Unknown rule option: 'stream_size'.
    Aug 14 21:02:07	php		/tmp/snort_em037606_startcmd.php: The command '/usr/local/bin/snort -R 37606 -D -q --suppress-config-log -l /var/log/snort/snort_em037606 --pid-path /var/run --nolock-pidfile -G 37606 -c /usr/local/etc/snort/snort_37606_em0/snort.conf -i em0' returned exit code '1', the output was ''
    

    I'll check more



  • Found this

    @bmeeks said in Snort | Unknown rule option: 'stream_size'.:

    You most likely have a required preprocessor disabled.  Make sure the STREAM5 preprocessor is enabled on the PREPROCESSORS tab.  In fact, users should really never disable any of the default-enabled preprocessors unless they are very highly skilled with the operation of Snort.

    Bill

    Have never even been on that page. But fixed the issue by going to that page, changing nothing and just hitting Save, which seemed to work. Odd?
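
An added example, not part of any post in this thread: a small checker that pulls the failing rules file, line number and option out of the `FATAL ERROR` line and reports whether the preprocessor that option depends on is active in `snort.conf`. The log and config samples are constructed, the `stream5_global` directive name is the Snort 2.9 form and is assumed here, and the option-to-preprocessor map holds only the pair named in the quoted reply.

```python
import re

# Constructed input: two lines modelled on the thread's system log.
SAMPLE_LOG = """\
Aug 14 21:02:06 php /tmp/snort_em037606_startcmd.php: [Snort] Snort START for WAN(em0)...
Aug 14 21:02:07 snort 54172 FATAL ERROR: /usr/local/etc/snort/snort_37606_em0/rules/snort.rules(6384) Unknown rule option: 'stream_size'.
"""

# Constructed snort.conf fragment (assumption): the Stream5 line is commented out.
SAMPLE_CONF = """\
preprocessor frag3_global: max_frags 8192
# preprocessor stream5_global: track_tcp yes
"""

# Rule option -> preprocessor name prefix it depends on (only the pair from the thread).
OPTION_NEEDS = {"stream_size": "stream5"}

FATAL_RE = re.compile(
    r"FATAL ERROR: (?P<file>\S+)\((?P<line>\d+)\) "
    r"Unknown rule option: '(?P<opt>[^']+)'"
)
# Active (uncommented) "preprocessor <name>" directives only.
PREPROC_RE = re.compile(r"^[ \t]*preprocessor[ \t]+(\w+)", re.MULTILINE)


def enabled_preprocessors(conf_text):
    """Names of preprocessors that are configured and not commented out."""
    return set(PREPROC_RE.findall(conf_text))


def diagnose(log_text, conf_text):
    """Return one finding per 'Unknown rule option' fatal error in the log."""
    active = enabled_preprocessors(conf_text)
    findings = []
    for m in FATAL_RE.finditer(log_text):
        needed = OPTION_NEEDS.get(m["opt"])
        missing = needed if needed and not any(
            name.startswith(needed) for name in active) else None
        findings.append({
            "option": m["opt"],
            "rules_file": m["file"],
            "line": int(m["line"]),
            "missing_preprocessor": missing,
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_CONF):
        print(finding)
```
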



  • How exactly did you create the interface and when did you try to start it? Sounds like some initial configuration settings did not get set.

