Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort failing to start after loading Snort 4.1.6_12

    Scheduled Pinned Locked Moved
    IDS/IPS
    4
    7
    513
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mxkied2
      last edited by mxkied2

      After updating the Snort package to 4.1.6_12 on PFsense 2.7.0-Release I am seeing the following error message when Snort tries to start:

      FATAL ERROR: /usr/local/etc/snort/snort_52062_igb1/snort.conf(6) Failed to parse the IP address: [!].

      I took a look at some previous posts that mentioned the home net list, it looks normal compared to a system running 4.1.6_11

      Any thoughts?

      C 1 Reply Last reply Reply Quote 0
      • C
        coolyman @mxkied2
        last edited by

        @mxkied2 said in Snort failing to start after loading Snort 4.1.6_12:

        After updating the Snort package to 4.1.6_12 on PFsense 2.7.0-Release I am seeing the following error message when Snort tries to start:

        FATAL ERROR: /usr/local/etc/snort/snort_52062_igb1/snort.conf(6) Failed to parse the IP address: [!].

        I took a look at some previous posts that mentioned the home net list, it looks normal compared to a system running 4.1.6_11

        Any thoughts?

        Me too!
        One error for WAN and one for LAN. Here they are:

        FATAL ERROR: /usr/local/etc/snort/snort_37135_em0/snort.conf(6) Failed to parse the IP address: [!].
        FATAL ERROR: /usr/local/etc/snort/snort_45236_em1/snort.conf(6) Failed to parse the IP address: [!].

        I cannot find either of those SIDs in my enabled categories. I even tried using SID Management to specifically disable those. No change.

        Searching for an answer yielded results where the IP address(es) are specified but in this case they are not. What's not parsable? Is that a word?

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks
          last edited by

          Let me examine this and try to reproduce. I did not encounter it during my testing, but I did make a change in how the $EXTERNAL_NET variable was created.

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by

            Go apply the fix/workaround I documented here until I get a package update submitted to the Netgate team: https://forum.netgate.com/topic/184077/snort-doesn-t-want-to-start-after-laters-upgrade-to-snort-4-1-6_12/5?_=1699918723493.

            M 1 Reply Last reply Reply Quote 1
            • M
              mxkied2 @bmeeks
              last edited by

              @bmeeks

              Thank you! The workaround fixed the issue.

              bmeeksB 1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks @mxkied2
                last edited by

                @mxkied2 said in Snort failing to start after loading Snort 4.1.6_12:

                @bmeeks

                Thank you! The workaround fixed the issue.

                I've posted a new Pull Request for the Netgate developer team to review and merge that contains a permanent fix. It will likely be tomorrow, though, before that merge is completed and a new package built. The new package will be 4.1.6_13.

                T 1 Reply Last reply Reply Quote 1
                • T
                  The Rob @bmeeks
                  last edited by

                  @bmeeks Thank you for being on top of things and getting a fix out so quickly. Your good work doesn't go unnoticed.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post