Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Why is there no alarm from time to time? It is normal to restart snort

    IDS/IPS
    3
    4
    393
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      blackkep
      last edited by blackkep

      Why is there no alarm from time to time? It is normal to restart snort!
      CPU:I5-3470
      RAM:4GBx2
      SSD:512GB

      fffe41f2-6cef-4c3b-9bc2-25cc600d58bb-image.png

      NollipfSenseN 1 Reply Last reply Reply Quote 0
      • NollipfSenseN
        NollipfSense @blackkep
        last edited by NollipfSense

        @blackkep That's because you haven't gone to a domain worthy of ringing the alarm and no, you don't need to restart Snort. The recommendation is to put Snort on LAN for more informed info.

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        1 Reply Last reply Reply Quote 0
        • B
          blackkep
          last edited by blackkep

          normal there is an alarm
          f9e8c49f-157b-4d09-a524-cfcb8344288b-image.png

          Sometimes it will be blank to restart snort to be normal

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by bmeeks

            You say "restart Snort". When you go to the INTERFACES tab in Snort when the alerts tab is blank, is Snort showing as running or not (green triangle or red "X")? If not, then you need to look in the pfSense system log and determine why it stopped. Something should be logged there.

            If it is showing as running (with the green triangle instead of a red "X"), then something else is at play.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.