Issue with Snort on PFSense 1.2.2
-
Hi all,
I'm getting trouble when using Snort on PFSense 1.2.2. The version I installed is "Snort 2.8.4.1 pkg v. 1.3".
Firstly, I installed Snort to identify and block Skype and Ultrasurf on my Lan. In the first time after configurating all the things I need (the p2p rules, Oinkmaster Code, etc) Snort works fine and identify two hosts using Skype. When I go back to Snort configuration and set the checkbox "Block offenders", they didn't found anything else.I removed and reinstall Snort, and so he shows the follow message anytime I go on the "Rules" tab:
Warning: sort() expects parameter 1 to be array, null given in /usr/local/www/snort_rules.php on line 101 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort_rules.php:101) in /usr/local/www/guiconfig.inc on line 35 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort_rules.php:101) in /usr/local/www/guiconfig.inc on line 36 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort_rules.php:101) in /usr/local/www/guiconfig.inc on line 37 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort_rules.php:101) in /usr/local/www/guiconfig.inc on line 38 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort_rules.php:101) in /usr/local/www/guiconfig.inc on line 39
Since that, PFSense don't list the ruleset anymore. When I try click on the "Categories" tab I get another issue: They don't list the "Categories" of the Snort rules, and if I click "Save", they shows another PHP error:
Warning: Invalid argument supplied for foreach() in /usr/local/www/snort_rulesets.php on line 40
After all, I removed the package at PFSense again, log in to the shell finding/removing any snort file (find / -name snort) and reinstalled Snort in the "Package Menu". But, the problem still happens. At this moment, I can't to reinstall/reconfigure my PFSense from scratch. A couple screenshots to shows the bug:
Some idea? :)
Rgds,
Lucas Timm. -
Solved.
I don't know the reason, but PFSense isn't installing my rules. By the way, he was showing as OK and updated. I have no proxy at my network. So, I go untill snort.org and get manually the rules snapshot, download it and extract on my PFSense. And so, he update the rules getting the latest snapshot and works again.
:)
-
Solved.
I don't know the reason, but PFSense isn't installing my rules. By the way, he was showing as OK and updated. I have no proxy at my network. So, I go untill snort.org and get manually the rules snapshot, download it and extract on my PFSense. And so, he update the rules getting the latest snapshot and works again.
:)
Glad to see it solved the problem. Im pretty sure I know the error your seeing. Its when rule check sums are saved to the snort directory but the rules are not extracted because of a error.
Im going to add code to verify that snort rules do exist on the next release. -
Please, do that. I waste a few hours to solve this problem, it have no online documentation, and may help a lot people. ;)
Thanks!
