Snort service will not start

Visseroth

I have not been able to get Snort to start in quite some time and I see no errors in the system logs. Can someone help me to understand what is going on and why Snort is unable to start or why it shows as it is not started and has been that way since 1.2-Release?

jamesdean

Please post you pfsense version and snort package version.

James

@Visseroth:

I have not been able to get Snort to start in quite some time and I see no errors in the system logs. Can someone help me to understand what is going on and why Snort is unable to start or why it shows as it is not started and has been that way since 1.2-Release?

Visseroth

1.2.3-Release
2.8.4.1_5 pkg v.1.7

jamesdean

@Visseroth:

1.2.3-Release
2.8.4.1_5 pkg v.1.7

I need the output of

ls /usr/local/etc/rc.d

and

cat /usr/local/etc/rc.d/mysnort_interface.sh

James

Visseroth

bandwidthd.sh          mbmon                  snort.sh
bandwidthd.sh.sample    proxy_monitor.sh        squid.sh
imspector              snmpd
imspector.sh            snmptrapd

cat: /usr/local/etc/rc.d/mysnort_interface.sh: No such file or directory

jamesdean

@Visseroth:

bandwidthd.sh           mbmon                   snort.sh
bandwidthd.sh.sample    proxy_monitor.sh        squid.sh
imspector               snmpd
imspector.sh            snmptrapd

cat: /usr/local/etc/rc.d/mysnort_interface.sh: No such file or directory

Type this in the command terminal and post the error.

/usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i ngo

James

Visseroth

command came back with no error, no report….....

/usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i ngo

Edit: Checked the system logs and found this error.........

snort[42700]: FATAL ERROR: Unable to open rules file: /usr/local/etc/snort/rules/attack-responses.rules or /usr/local/etc/snort//usr/local/etc/snort/rules/attack-responses.rules

jamesdean

I see what going on.

Update all your rules, befor starting snort..

James

Visseroth

I keep getting

Please wait… You may only check for New Rules every 15 minutes...

Visseroth

OK, if the rules won't update automaticly is there another way to update them?

Visseroth

Any update please?

tester_02

I've also had this issue randomly on installs/upgrades.  Do you have premium rules?  If so, turn it off, wait and then do the update.  I have no theory as to why it happens, but after that, I can set the premium rules on and it works from there on until the next snort update.

a.r.

Visseroth

I have Snort subscriber enabled and have the key inserted but disabling it doesn't allow it to start and still nothing shows up in the system logs.
I have disabled all options and saved, still no starting of the service. I have reinstalled everything and still no starting of the service.

I'm quite literally stumped, I've even tried reinstalling.

The only message I get when trying to update is …....
Please wait... You may only check for New Rules every 15 minutes...