Snort update issue
-
Updated to latest pfsense beta build 2.0-BETA4 (i386) built on Mon Oct 18 15:51:06 EDT 2010
Noticed Snort not running - rules folder empty ???
Updated rules - tried to anyway, update hung and got errors in syslog about missing files.
Tried again … failed.
Uninstalled Snort, cleared all settings, restarted pfsense and re-installed snort. pfsense packages window shows v1.35 but snort gui shows v1.34.
Now I cannot update rules at all, gui shows warning about empty folders, selecting update results in a 'greyed' screen and that is as far as it gets ...
Is anyone else seeing this ?
Addendum: Tried again using today's build (2.0-BETA4 (i386) built on Wed Oct 20 06:03:46 EDT 2010), still no go, repeated above procedure, posted error seen in syslog below ... snort dead and will not update ....
# The rules directory is empty. /usr/local/etc/snort/snort_43927_pppoe1/rules
2010-10-20 15:44:46 Daemon.Error n36-gate Oct 20 15:44:46 snort[56022]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_pppoe143927.pid" for PID "56022"
Just noticed that selecting snort's help tab results in the same greyed out screen and no action … is this a php issue ?
-
I have the same problem, won't update.
Pfsense 1.2.3 Release, Snort 2.8.6.1 Pkg. 1.34. Looking forward to a fix. Thanks.
-
I have the same problem.
Error with the snort rules download…
Snort rules file downloaded failed... It says:
Snort 2.8.6.1 pkg v. 1.34 on the Service and 2.8.6.1 pkg v. 1.35 in the package manager
SnortStartup[32290]: Snort HARD Reload For 36954_em0…
Oct 20 14:31:15 snort[32287]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_36954_em0//usr/local/etc/snort/snort_36954_em0/rules/emerging-attack_response.rules": No such file or directory.
Oct 20 14:31:15 snort[32287]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_36954_em0//usr/local/etc/snort/snort_36954_em0/rules/emerging-attack_response.rules": No such file or directory.
-
I disabled the snort rules and am only using the EMERGINGTHREATS.NET rules as a temporary workaround.
-
I solved the issue by removing the missing rule categories that showed in the log from the categories tab on the interfaces.
-
Is nobody else seeing this? I notice another post relating to this but for pfSense V1.2.3; the common factor is the Snort package version.
I had to manually install the rules but this isn't my first choice of ways to pass the time.
I'd appreciate it if anyone running V1.35 could try to update and post the result (PS although my version says 1.35 on the package page the package reports v1.34 - and yes I have re-installed three times).