snort exits and doesnt restart after daily ruleset update

bmeeks

@pftdm007 said in snort exits and doesnt restart after daily ruleset update:

@bmeeks

The issue re-occured again but this time I ran the CLI command which gave:

9364  -  SNs       0:08.14 /usr/local/bin/snort -R _49826 -D --daq pcap --daq-mode passive --treat-drop-as-alert -l /var/log/snort/snort_em4.20049826 --pid-path /var/run --nolock-pidfile --no-interface-pidfile -G 49826 -c /usr/local/etc/snort/snort_49826_em4.200/snort.conf -i em4.200
42037  -  S         0:00.00 sh -c ps -ax | grep snort 2>&1
42270  -  S         0:00.00 grep snort
81192  -  SNs       4:17.87 /usr/local/bin/snort -R _57388 -D --daq pcap --daq-mode passive --treat-drop-as-alert -l /var/log/snort/snort_em4.10057388 --pid-path /var/run --nolock-pidfile --no-interface-pidfile -G 57388 -c /usr/local/etc/snort/snort_57388_em4.100/snort.conf -i em4.100

I take that snort is indeed running on em4.100 and em4.200 ???

Yes, that means Snort is actually running on both interfaces.

I need to deep-dive into the PHP code a bit to check out the behavior. It is possible that with recent changes I inadvertently introduced a bug with querying the running status of the Snort processes with the code on the INTERFACES GUI tab.

I will fire up my virtual machine and do some testing. I see that earlier in the thread you said you are running pfSense 2.6.0, so I will check there first.