Snort service will not start
-
I have not been able to get Snort to start in quite some time and I see no errors in the system logs. Can someone help me to understand what is going on and why Snort is unable to start or why it shows as it is not started and has been that way since 1.2-Release?
-
Please post you pfsense version and snort package version.
James
I have not been able to get Snort to start in quite some time and I see no errors in the system logs. Can someone help me to understand what is going on and why Snort is unable to start or why it shows as it is not started and has been that way since 1.2-Release?
-
1.2.3-Release
2.8.4.1_5 pkg v.1.7 -
1.2.3-Release
2.8.4.1_5 pkg v.1.7I need the output of
ls /usr/local/etc/rc.d
and
cat /usr/local/etc/rc.d/mysnort_interface.sh
James
-
bandwidthd.sh mbmon snort.sh
bandwidthd.sh.sample proxy_monitor.sh squid.sh
imspector snmpd
imspector.sh snmptrapdcat: /usr/local/etc/rc.d/mysnort_interface.sh: No such file or directory
-
bandwidthd.sh mbmon snort.sh
bandwidthd.sh.sample proxy_monitor.sh squid.sh
imspector snmpd
imspector.sh snmptrapdcat: /usr/local/etc/rc.d/mysnort_interface.sh: No such file or directory
Type this in the command terminal and post the error.
/usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i ngo
James
-
command came back with no error, no report….....
/usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i ngo
Edit: Checked the system logs and found this error.........
snort[42700]: FATAL ERROR: Unable to open rules file: /usr/local/etc/snort/rules/attack-responses.rules or /usr/local/etc/snort//usr/local/etc/snort/rules/attack-responses.rules
-
I see what going on.
Update all your rules, befor starting snort..
James
-
I keep getting
Please wait… You may only check for New Rules every 15 minutes...
-
OK, if the rules won't update automaticly is there another way to update them?
-
Any update please?
-
I've also had this issue randomly on installs/upgrades. Do you have premium rules? If so, turn it off, wait and then do the update. I have no theory as to why it happens, but after that, I can set the premium rules on and it works from there on until the next snort update.
a.r.
-
I have Snort subscriber enabled and have the key inserted but disabling it doesn't allow it to start and still nothing shows up in the system logs.
I have disabled all options and saved, still no starting of the service. I have reinstalled everything and still no starting of the service.I'm quite literally stumped, I've even tried reinstalling.
The only message I get when trying to update is …....
Please wait... You may only check for New Rules every 15 minutes...