Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Issue with Snort on PFSense 1.2.2

    Scheduled Pinned Locked Moved pfSense Packages
    4 Posts 2 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      timmerman
      last edited by

      Hi all,

      I'm getting trouble when using Snort on PFSense 1.2.2. The version I installed is "Snort 2.8.4.1 pkg v. 1.3".
      Firstly, I installed Snort to identify and block Skype and Ultrasurf on my Lan. In the first time after configurating all the things I need (the p2p rules, Oinkmaster Code, etc)  Snort works fine and identify two hosts using Skype. When I go back to Snort configuration and set the checkbox "Block offenders", they didn't found anything else.

      I removed and reinstall Snort, and so he shows the follow message anytime I go on the "Rules" tab:

      Warning: sort() expects parameter 1 to be array, null given in /usr/local/www/snort_rules.php on line 101 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort_rules.php:101) in /usr/local/www/guiconfig.inc on line 35 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort_rules.php:101) in /usr/local/www/guiconfig.inc on line 36 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort_rules.php:101) in /usr/local/www/guiconfig.inc on line 37 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort_rules.php:101) in /usr/local/www/guiconfig.inc on line 38 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort_rules.php:101) in /usr/local/www/guiconfig.inc on line 39

      Since that, PFSense don't list the ruleset anymore. When I try click on the "Categories" tab I get another issue: They don't list the "Categories" of the Snort rules, and if I click "Save", they shows another PHP error:

      Warning: Invalid argument supplied for foreach() in /usr/local/www/snort_rulesets.php on line 40

      After all, I removed the package at PFSense again, log in to the shell finding/removing any snort file (find / -name snort) and reinstalled Snort in the "Package Menu". But, the problem still happens. At this moment, I can't to reinstall/reconfigure my PFSense from scratch. A couple screenshots to shows the bug:


      Some idea?  :)

      Rgds,
      Lucas Timm.

      1 Reply Last reply Reply Quote 0
      • T
        timmerman
        last edited by

        Solved.

        I don't know the reason, but PFSense isn't installing my rules. By the way, he was showing as OK and updated.  I have no proxy at my network. So, I go untill snort.org and get manually the rules snapshot, download it and extract on my PFSense. And so, he update the rules getting the latest snapshot and works again.

        :)

        1 Reply Last reply Reply Quote 0
        • J
          jamesdean
          last edited by

          @timmerman:

          Solved.

          I don't know the reason, but PFSense isn't installing my rules. By the way, he was showing as OK and updated.  I have no proxy at my network. So, I go untill snort.org and get manually the rules snapshot, download it and extract on my PFSense. And so, he update the rules getting the latest snapshot and works again.

          :)

          Glad to see it solved the problem. Im pretty sure I know the error your seeing. Its when rule check sums are saved to the snort directory but the rules are not extracted because of a error.
          Im going to add code to verify that snort rules do exist on the next release.

          1 Reply Last reply Reply Quote 0
          • T
            timmerman
            last edited by

            Please, do that. I waste a few hours to solve this problem, it have no online documentation, and may help a lot people. ;)

            Thanks!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.