Snort Won't Start After Upgrade
-
FWIW, I submitted a bug report.
http://redmine.pfsense.org/issues/1590
-th3r3isnospoon
-
Hi all,
I have the exact same console output. The interesting thing is syslog.
In the latest release of pfsense 2.0-RC2 I can't get Snort to start. The syslog reveals the following:
Jun 9 07:12:19 SnortStartup[63658]: Snort HARD Reload For 34679_sis0…
Jun 9 07:12:19 snort[56907]: FATAL ERROR: /usr/local/etc/snort/snort_34679_sis0/snort.conf(207) Unknown output plugin: "alert_pf"
Jun 9 07:12:19 snort[56907]: FATAL ERROR: /usr/local/etc/snort/snort_34679_sis0/snort.conf(207) Unknown output plugin: "alert_pf"Line 207 of the above file is:
output alert_pf: /usr/local/etc/snort/whitelist/defaultwlist,snort2c
Andrew
-
no go.
Are we the only ones facing this issue? Can anyone else confirm the same with a clean install of pfsense and snort package?
-
no go.
Are we the only ones facing this issue? Can anyone else confirm the same with a clean install of pfsense and snort package?
Mine had some clean installs and I did have the issue; which I resolved with my ln fix. I'm not sure why it's not working for others. :(
-
Latest few snapshots even dynamic DNS is failing and IP shows in red as 0.0.0.0
Looks like both a snapshot and Snort package issue.
-
I looked into snort.inc, looks like snort supposed to fetch perl-threaded-5.12.1_1.tbz as dependency… but couldn't find anywhere... the link to the file seems broken... I don't know if this is the cause of alert_pf error... hope this will be fixed soon. :)
-
Can anyone fix the Snort install package?
-
It's possible the maintainer is on vacation. I sent him a pm a while back and have not yet received a response.
-
Any updates on the Snort package fix?
-
I haven't heard or seen anything yet :-\
Hopefully soon….
-th3r3isnospoon
-
Over a week since the package is in broken state >:(
Has no one installed snort since last 7 days?
-
Over a week since the package is in broken state >:(
Has no one installed snort since last 7 days?
Apparently not….Hope this is fixed soon...
-th3r3isnospoon
-
Down with Snort since past 10 days !! >:(
-
I am having the same problem and it appears this person might have the same issue as well.
http://forum.pfsense.org/index.php/topic,37952.0.htmlI feel so naked without my Snort. ;D
pfSense 2.0 RC2 build date June 15th
Snort 2.8.6.1 pkg 1.34Also one more thing to add. According to the pfSense_Snort Twitter account it looks like he is planning a release pretty soon of Snort 2.9.0.4 pkg 1.37. Hopefully that has a fix for the issue we are seeing.
-
I too am having the same issue. Based on the number of reads I'm thinking we're not alone.
-
Same thing here on a new install:
Version:
2.0-RC3 (amd64)
built on Tue Jun 21 23:37:22 EDT 2011Intel(R) Atom(TM) CPU 330 @ 1.60GHz
Current: 799 MHz, Max: 1599 MHzWhen starting Snort:
snort[26473]: FATAL ERROR: /usr/local/etc/snort/snort_31943_re1/snort.conf(351) Unknown output plugin: "alert_pf"Cheers,
D. -
The Snort package is broken since over 2 weeks now. First I thought it was a snapshot issue but after trying multiple snapshots, I confirmed it's a snort package issue.
-
With a clean RC3 install, the error message is now different than with RC2
Clean RC2 install:
snort[26473]: FATAL ERROR: /usr/local/etc/snort/snort_31943_re1/snort.conf(351) Unknown output plugin: "alert_pf"Clean RC3 install:
Jun 23 01:50:39 SnortStartup[5379]: Snort HARD Reload For 22075_re1…
Jun 23 01:50:38 SnortStartup[1825]: Snort Startup files Sync…Is there a method to "manually" install a newer version of snort without using the package? Looking at various dates on the "JamesDean" twitter feeds, the last update was on Mar 16, indicating 2.9.0.4 was due in a few days. This being June, safe bet that "jamesdean" is otherwise occupied…so would love to figure out a fix that doesn't use the package if that is at all possible.
Btw, I've been posting my adventures (including a hardware list and various notes) with pfSense over at smallnetbuilder: http://forums.smallnetbuilder.com/showthread.php?t=5379
-
Any progress on this issue resolution?
-
I upgraded to built on Mon Jun 27 06:38:49 EDT 2011 on my Alix board.
Before I deleted the interface and reset snort. After the upgrade Snort
started but I wasn't able to choose any rules even thoug the update went
well. But after stopping the interface and restarting it the rules where ther
to choose from. Back in business ;D