Snort can not start service !



  • Hello all,
    I am using pfsense 1.2.3 and snort 2.8.6 pkg v. 1.31. I create the interface WAN and start. when i edit the interface and check some rule in categories and restart the interface. The Interface can not start.
    When i remove the rule in categories and restart the interface. The Interface started successful .
    Please help !
    Thanks so much



  • Im just guessing if u have the same problem as i did. Logged:
    snort[5627]: FATAL ERROR: /usr/local/etc/snort/snort_54784_vr0/rules/snort_netbios.rules(24) Unknown rule option: 'dce_iface'.

    I can't find the proper solution,
    You just need to go to snort interface>edit rule(ico)>Category(tab)> diselect [snort_netbios.rules] and save. Start the interface again.
    All other rule works for me except by enabling this particular rule that was fix in snort 2.8.4.1. This is for now until someone figure out what went wrong to get this error back again.



  • hello Arylikh ,
    Thanks for your reply. I just use 2 rules snort_p2p.rules and snort_chat.rules. I have just found the problem. Tab " Preprocessors" check enable Performance Statistics, Enable "HTTP Inspect Settings", HTTP server flow depth = "0"
    Now the snort can start.
    Thanks you so much.


Log in to reply