Snort not working for me (again)
-
I updated to the 1-19 snapshot and snort is running properly for me. Not sure what could be your problem. ???
-
Any chance you're trying to run snort on multiple interfaces?
-
@submicron:
Any chance you're trying to run snort on multiple interfaces?
None whatsoever :(
Weird, I'll stop using it again then.
-
Probably, however what I don't understand is how it's picking up an incorrect setting in the first place
I'll try your suggestion later
-
OK, this is the line in my snort.conf :
var HOME_NET [192.168.1.0/24,/32,86.3.142.145,192.168.1.2,,]
however if I remove the ,/32, the file gets recreated when I save snort config and overwrites any changes I make :(
any ideas?
I can post the entire snort.conf file and the startup logs if it helps?
There is another warning in the snort startup log though :
snort[13576]: WARNING /usr/local/etc/snort/snort.conf(36) => flush_behavior set in config file, using old static flushpoints (0)
Does that shed any light?
-
Do you remember if you recently updated your snort rules before you started having troubles?
-
The rules were updated, BUT so was my entire machine, I changed to the 19th's image (cos of the lovely new look gui!) and reinstalled from scratch, everything was upgraded
-
I'm not sure why, but I have problems starting snort when I have web-misc category checked. If you have that ruleset enabled, try disabling it and see if Snort will start up.
-
Not ticked, could this thread shed any light (or at least point to the fact that there's something odd going on with the HOME_NET line?) : http://forum.pfsense.org/index.php/topic,3427.0.html
-
Not ticked, could this thread shed any light (or at least point to the fact that there's something odd going on with the HOME_NET line?) : http://forum.pfsense.org/index.php/topic,3427.0.html
No, because that has already been fixed.
-
Has it?? What snapshot was it fixed in?
-
Has it?? What snapshot was it fixed in?
Those files do not reside in a snapshot. They are on the server… It's a package file, not a base file.
-
OK, found and fixed the problem.
If you have a wireless connection (opt1) bridged with LAN and you leave the IP address blank in the IP configuration box on the opt1 interface it causes the problems I was having.
You have to un-bridge the connection, put a (fake?) IP address in and then re-bridge the connection.
That seems to fix it, although I need to give it a proper test
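
An added example, not part of the original thread and not code from the pfSense snort package: a check for the kind of malformed HOME_NET line quoted above, where a blank interface address leaves empty or prefix-only entries in the list. The function name `check_net_var` is hypothetical, and the check assumes a flat bracketed list of literal addresses (no `$VAR` references, negation or nested lists).

```python
import ipaddress
import re

# Matches a bracketed list such as: var HOME_NET [a,b,c]   (also "ipvar")
VAR_RE = re.compile(r'^\s*(?:ip)?var\s+(\S+)\s+\[(.*)\]\s*$')


def check_net_var(line):
    """Return (name, valid_entries, problems) for one bracketed var line.

    problems is a list of (position, raw_entry, reason) tuples, with
    position counted from 1 so it can be matched against the config line.
    """
    m = VAR_RE.match(line)
    if not m:
        raise ValueError("not a bracketed var line")
    name, body = m.groups()
    valid, problems = [], []
    for pos, raw in enumerate(body.split(","), start=1):
        entry = raw.strip()
        if not entry:
            # Two commas in a row, or a trailing comma before the bracket
            problems.append((pos, entry, "empty entry"))
        elif entry.startswith("/"):
            # A mask was written out but the address in front of it was blank
            problems.append((pos, entry, "prefix length with no address"))
        else:
            try:
                ipaddress.ip_network(entry, strict=False)
                valid.append(entry)
            except ValueError:
                problems.append((pos, entry, "not an IP address or CIDR block"))
    return name, valid, problems


if __name__ == "__main__":
    # The HOME_NET line as posted in the thread
    posted = "var HOME_NET [192.168.1.0/24,/32,86.3.142.145,192.168.1.2,,]"
    name, valid, problems = check_net_var(posted)
    print(f"{name}: {len(valid)} valid entries, {len(problems)} problems")
    for pos, raw, reason in problems:
        print(f"  entry {pos} {raw!r}: {reason}")
```

Running a check like this against the generated snort.conf after saving the package settings shows whether the file was regenerated with blank entries before snort is restarted.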