Snort: Failing messages - FATAL ERROR: Failed to Lock PID



  • I just tried to install Snort last night and noticed it started up fine, but I had to make several changes to settings to get it to start. It's running on the current version, 2.0-RC3 (i386) built on Sat Aug 20 13:09:49 EDT 2011, but I'm not getting anything in the alerts and have played with the settings several ways to see if I can get different results. So far it hasn't made a difference. I even installed it on another machine with the same version snapshot and same settings, other than the oink code. I don't know if anyone else is having this problem, but any help is appreciated.



  • snort logs if anyone's interested -

    Aug 21 15:34:28 SnortStartup[17541]: Snort HARD Reload For 9713_bge1…
    Aug 21 15:34:28 snort[17358]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge19713.pid" for PID "17358"
    Aug 21 15:34:28 snort[17358]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge19713.pid" for PID "17358"
    Aug 21 15:34:28 snort[17358]: PID path stat checked out ok, PID path set to /var/log/snort/run
    Aug 21 15:34:28 snort[17358]: PID path stat checked out ok, PID path set to /var/log/snort/run
    Aug 21 15:34:28 snort[17358]: Checking PID path…
    Aug 21 15:34:28 snort[17358]: Checking PID path…
    Aug 21 15:34:28 snort[17189]: Daemon parent exiting
    Aug 21 15:34:28 snort[17189]: Daemon parent exiting
    Aug 21 15:34:28 snort[17358]: Daemon initialized, signaled parent pid: 17189
    Aug 21 15:34:28 snort[17358]: Daemon initialized, signaled parent pid: 17189
    Aug 21 15:34:28 snort[17189]: Initializing daemon mode
    Aug 21 15:34:28 snort[17189]: Initializing daemon mode
    Aug 21 15:34:28 snort[17189]: Initializing Network Interface bge1
    Aug 21 15:34:28 snort[17189]: Initializing Network Interface bge1
    Aug 21 15:34:28 snort[17189]: Verifying Preprocessor Configurations!
    Aug 21 15:34:28 snort[17189]: Verifying Preprocessor Configurations!
    Aug 21 15:34:28 snort[17189]: Rule application order: activation->dynamic->pass->drop->alert->log
    Aug 21 15:34:28 snort[17189]: Rule application order: activation->dynamic->pass->drop->alert->log
    Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
    Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
    Aug 21 15:34:28 snort[17189]: | none
    Aug 21 15:34:28 snort[17189]: | none
    Aug 21 15:34:28 snort[17189]: +-----------------------[suppression]------------------------------------------
    Aug 21 15:34:28 snort[17189]: +-----------------------[suppression]------------------------------------------
    Aug 21 15:34:28 snort[17189]: | none
    Aug 21 15:34:28 snort[17189]: | none
    Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-local]-----------------------------------
    Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-local]-----------------------------------
    Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-global]----------------------------------
    Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-global]----------------------------------
    Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
    Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
    Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-config]----------------------------------
    Aug 21 15:34:28 snort[17189]: +-----------------------[event-filter-config]----------------------------------
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
    Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
    Aug 21 15:34:28 snort[17189]: | none
    Aug 21 15:34:28 snort[17189]: | none
    Aug 21 15:34:28 snort[17189]: +-----------------------[rate-filter-rules]------------------------------------
    Aug 21 15:34:28 snort[17189]: +-----------------------[rate-filter-rules]------------------------------------
    Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
    Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
    Aug 21 15:34:28 snort[17189]: +-----------------------[rate-filter-config]-----------------------------------
    Aug 21 15:34:28 snort[17189]: +-----------------------[rate-filter-config]-----------------------------------
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
    Aug 21 15:34:28 snort[17189]: -------------------------------------------------------------------------------
    Aug 21 15:34:28 snort[17189]: | none
    Aug 21 15:34:28 snort[17189]: | none
    Aug 21 15:34:28 snort[17189]: +-----------------------[detection-filter-rules]-------------------------------
    Aug 21 15:34:28 snort[17189]: +-----------------------[detection-filter-rules]-------------------------------
    Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
    Aug 21 15:34:28 snort[17189]: | memory-cap : 1048576 bytes
    Aug 21 15:34:28 snort[17189]: +-----------------------[detection-filter-config]------------------------------
    Aug 21 15:34:28 snort[17189]: +-----------------------[detection-filter-config]------------------------------
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: +----------------------------------------------------------------------------
    Aug 21 15:34:28 snort[17189]: +----------------------------------------------------------------------------
    Aug 21 15:34:28 snort[17189]: | s+d 0 0 0 0
    Aug 21 15:34:28 snort[17189]: | s+d 0 0 0 0
    Aug 21 15:34:28 snort[17189]: | nc 0 0 0 0
    Aug 21 15:34:28 snort[17189]: | nc 0 0 0 0
    Aug 21 15:34:28 snort[17189]: | any 0 0 0 0
    Aug 21 15:34:28 snort[17189]: | any 0 0 0 0
    Aug 21 15:34:28 snort[17189]: | dst 0 0 0 0
    Aug 21 15:34:28 snort[17189]: | dst 0 0 0 0
    Aug 21 15:34:28 snort[17189]: | src 0 0 0 0
    Aug 21 15:34:28 snort[17189]: | src 0 0 0 0
    Aug 21 15:34:28 snort[17189]: | tcp udp icmp ip
    Aug 21 15:34:28 snort[17189]: | tcp udp icmp ip
    Aug 21 15:34:28 snort[17189]: +-------------------[Rule Port Counts]---------------------------------------
    Aug 21 15:34:28 snort[17189]: +-------------------[Rule Port Counts]---------------------------------------
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: +++++++++++++++++++++++++++++++++++++++++++++++++++
    Aug 21 15:34:28 snort[17189]: +++++++++++++++++++++++++++++++++++++++++++++++++++
    Aug 21 15:34:28 snort[17189]: 0 Dynamic rules
    Aug 21 15:34:28 snort[17189]: 0 Dynamic rules
    Aug 21 15:34:28 snort[17189]: 0 Option Chains linked into 0 Chain Headers
    Aug 21 15:34:28 snort[17189]: 0 Option Chains linked into 0 Chain Headers
    Aug 21 15:34:28 snort[17189]: 0 preprocessor rules
    Aug 21 15:34:28 snort[17189]: 0 preprocessor rules
    Aug 21 15:34:28 snort[17189]: 0 decoder rules
    Aug 21 15:34:28 snort[17189]: 0 decoder rules
    Aug 21 15:34:28 snort[17189]: 0 detection rules
    Aug 21 15:34:28 snort[17189]: 0 detection rules
    Aug 21 15:34:28 snort[17189]: 0 Snort rules read
    Aug 21 15:34:28 snort[17189]: 0 Snort rules read
    Aug 21 15:34:28 snort[17189]: Initializing rule chains…
    Aug 21 15:34:28 snort[17189]: Initializing rule chains…
    Aug 21 15:34:28 snort[17189]: +++++++++++++++++++++++++++++++++++++++++++++++++++
    Aug 21 15:34:28 snort[17189]: +++++++++++++++++++++++++++++++++++++++++++++++++++
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: Server side data is trusted
    Aug 21 15:34:28 snort[17189]: Server side data is trusted
    Aug 21 15:34:28 snort[17189]: 1194
    Aug 21 15:34:28 snort[17189]: 1194
    Aug 21 15:34:28 snort[17189]: 990 992 993 994 995
    Aug 21 15:34:28 snort[17189]: 990 992 993 994 995
    Aug 21 15:34:28 snort[17189]: 443 465 563 636 989
    Aug 21 15:34:28 snort[17189]: 443 465 563 636 989
    Aug 21 15:34:28 snort[17189]: Ports:
    Aug 21 15:34:28 snort[17189]: Ports:
    Aug 21 15:34:28 snort[17189]: Encrypted packets: not inspected
    Aug 21 15:34:28 snort[17189]: Encrypted packets: not inspected
    Aug 21 15:34:28 snort[17189]: SSLPP config:
    Aug 21 15:34:28 snort[17189]: SSLPP config:
    Aug 21 15:34:28 snort[17189]: Maximum SMB command chaining: 3 commands
    Aug 21 15:34:28 snort[17189]: Maximum SMB command chaining: 3 commands
    Aug 21 15:34:28 snort[17189]: RPC over HTTP proxy: None
    Aug 21 15:34:28 snort[17189]: RPC over HTTP proxy: None
    Aug 21 15:34:28 snort[17189]: RPC over HTTP server: 1025-65535
    Aug 21 15:34:28 snort[17189]: RPC over HTTP server: 1025-65535
    Aug 21 15:34:28 snort[17189]: UDP: 1025-65535
    Aug 21 15:34:28 snort[17189]: UDP: 1025-65535
    Aug 21 15:34:28 snort[17189]: TCP: 1025-65535
    Aug 21 15:34:28 snort[17189]: TCP: 1025-65535
    Aug 21 15:34:28 snort[17189]: SMB: None
    Aug 21 15:34:28 snort[17189]: SMB: None
    Aug 21 15:34:28 snort[17189]: Autodetect ports
    Aug 21 15:34:28 snort[17189]: Autodetect ports
    Aug 21 15:34:28 snort[17189]: RPC over HTTP proxy: None
    Aug 21 15:34:28 snort[17189]: RPC over HTTP proxy: None
    Aug 21 15:34:28 snort[17189]: RPC over HTTP server: 593
    Aug 21 15:34:28 snort[17189]: RPC over HTTP server: 593
    Aug 21 15:34:28 snort[17189]: UDP: 135
    Aug 21 15:34:28 snort[17189]: UDP: 135
    Aug 21 15:34:28 snort[17189]: TCP: 135
    Aug 21 15:34:28 snort[17189]: TCP: 135
    Aug 21 15:34:28 snort[17189]: SMB: 139 445
    Aug 21 15:34:28 snort[17189]: SMB: 139 445
    Aug 21 15:34:28 snort[17189]: Detect ports
    Aug 21 15:34:28 snort[17189]: Detect ports
    Aug 21 15:34:28 snort[17189]: Policy: WinXP
    Aug 21 15:34:28 snort[17189]: Policy: WinXP
    Aug 21 15:34:28 snort[17189]: Server Default Configuration
    Aug 21 15:34:28 snort[17189]: Server Default Configuration
    Aug 21 15:34:28 snort[17189]: Events: smb co cl
    Aug 21 15:34:28 snort[17189]: Events: smb co cl
    Aug 21 15:34:28 snort[17189]: Memcap: 102400 KB
    Aug 21 15:34:28 snort[17189]: Memcap: 102400 KB
    Aug 21 15:34:28 snort[17189]: DCE/RPC Defragmentation: Enabled
    Aug 21 15:34:28 snort[17189]: DCE/RPC Defragmentation: Enabled
    Aug 21 15:34:28 snort[17189]: Global Configuration
    Aug 21 15:34:28 snort[17189]: Global Configuration
    Aug 21 15:34:28 snort[17189]: DCE/RPC 2 Preprocessor Configuration
    Aug 21 15:34:28 snort[17189]: DCE/RPC 2 Preprocessor Configuration
    Aug 21 15:34:28 snort[17189]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
    Aug 21 15:34:28 snort[17189]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
    Aug 21 15:34:28 snort[17189]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
    Aug 21 15:34:28 snort[17189]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
    Aug 21 15:34:28 snort[17189]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
    Aug 21 15:34:28 snort[17189]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
    Aug 21 15:34:28 snort[17189]: IIS Delimiter: YES alert: NO
    Aug 21 15:34:28 snort[17189]: IIS Delimiter: YES alert: NO
    Aug 21 15:34:28 snort[17189]: Apache WhiteSpace: YES alert: NO
    Aug 21 15:34:28 snort[17189]: Apache WhiteSpace: YES alert: NO
    Aug 21 15:34:28 snort[17189]: Web Root Traversal: YES alert: YES
    Aug 21 15:34:28 snort[17189]: Web Root Traversal: YES alert: YES
    Aug 21 15:34:28 snort[17189]: Directory Traversal: YES alert: NO
    Aug 21 15:34:28 snort[17189]: Directory Traversal: YES alert: NO
    Aug 21 15:34:28 snort[17189]: IIS Backslash: YES alert: NO
    Aug 21 15:34:28 snort[17189]: IIS Backslash: YES alert: NO
    Aug 21 15:34:28 snort[17189]: Multiple Slash: YES alert: NO
    Aug 21 15:34:28 snort[17189]: Multiple Slash: YES alert: NO
    Aug 21 15:34:28 snort[17189]: IIS Unicode: YES alert: NO
    Aug 21 15:34:28 snort[17189]: IIS Unicode: YES alert: NO
    Aug 21 15:34:28 snort[17189]: UTF 8: YES alert: NO
    Aug 21 15:34:28 snort[17189]: UTF 8: YES alert: NO
    Aug 21 15:34:28 snort[17189]: Base36: OFF
    Aug 21 15:34:28 snort[17189]: Base36: OFF
    Aug 21 15:34:28 snort[17189]: Bare Byte: YES alert: YES
    Aug 21 15:34:28 snort[17189]: Bare Byte: YES alert: YES
    Aug 21 15:34:28 snort[17189]: %U Encoding: YES alert: YES
    Aug 21 15:34:28 snort[17189]: %U Encoding: YES alert: YES
    Aug 21 15:34:28 snort[17189]: Double Decoding: YES alert: YES
    Aug 21 15:34:28 snort[17189]: Double Decoding: YES alert: YES
    Aug 21 15:34:28 snort[17189]: Ascii: YES alert: NO
    Aug 21 15:34:28 snort[17189]: Ascii: YES alert: NO
    Aug 21 15:34:28 snort[17189]: Extended ASCII code support in URI: NO
    Aug 21 15:34:28 snort[17189]: Extended ASCII code support in URI: NO
    Aug 21 15:34:28 snort[17189]: Normalize HTTP Cookies: NO
    Aug 21 15:34:28 snort[17189]: Normalize HTTP Cookies: NO
    Aug 21 15:34:28 snort[17189]: Inspect HTTP Responses: NO
    Aug 21 15:34:28 snort[17189]: Inspect HTTP Responses: NO
    Aug 21 15:34:28 snort[17189]: Inspect HTTP Cookies: NO
    Aug 21 15:34:28 snort[17189]: Inspect HTTP Cookies: NO
    Aug 21 15:34:28 snort[17189]: Normalize HTTP Headers: NO
    Aug 21 15:34:28 snort[17189]: Normalize HTTP Headers: NO
    Aug 21 15:34:28 snort[17189]: Only inspect URI: NO
    Aug 21 15:34:28 snort[17189]: Only inspect URI: NO
    Aug 21 15:34:28 snort[17189]: Oversize Dir Length: 0
    Aug 21 15:34:28 snort[17189]: Oversize Dir Length: 0
    Aug 21 15:34:28 snort[17189]: Disable Alerting: NO
    Aug 21 15:34:28 snort[17189]: Disable Alerting: NO
    Aug 21 15:34:28 snort[17189]: Allow Proxy Usage: NO
    Aug 21 15:34:28 snort[17189]: Allow Proxy Usage: NO
    Aug 21 15:34:28 snort[17189]: URI Discovery Strict Mode: NO
    Aug 21 15:34:28 snort[17189]: URI Discovery Strict Mode: NO
    Aug 21 15:34:28 snort[17189]: Inspect Pipeline Requests: YES
    Aug 21 15:34:28 snort[17189]: Inspect Pipeline Requests: YES
    Aug 21 15:34:28 snort[17189]: Max Number Header Fields: 0
    Aug 21 15:34:28 snort[17189]: Max Number Header Fields: 0
    Aug 21 15:34:28 snort[17189]: Max Header Field Length: 0
    Aug 21 15:34:28 snort[17189]: Max Header Field Length: 0
    Aug 21 15:34:28 snort[17189]: Max Chunk Length: 500000
    Aug 21 15:34:28 snort[17189]: Max Chunk Length: 500000
    Aug 21 15:34:28 snort[17189]: Client Flow Depth: 300
    Aug 21 15:34:28 snort[17189]: Client Flow Depth: 300
    Aug 21 15:34:28 snort[17189]: Server Flow Depth: 0
    Aug 21 15:34:28 snort[17189]: Server Flow Depth: 0
    Aug 21 15:34:28 snort[17189]: Ports: 80 8080
    Aug 21 15:34:28 snort[17189]: Ports: 80 8080
    Aug 21 15:34:28 snort[17189]: Server profile: All
    Aug 21 15:34:28 snort[17189]: Server profile: All
    Aug 21 15:34:28 snort[17189]: DEFAULT SERVER CONFIG:
    Aug 21 15:34:28 snort[17189]: DEFAULT SERVER CONFIG:
    Aug 21 15:34:28 snort[17189]: IIS Unicode Map Codepage: 1252
    Aug 21 15:34:28 snort[17189]: IIS Unicode Map Codepage: 1252
    Aug 21 15:34:28 snort[17189]: IIS Unicode Map Filename: /usr/local/etc/snort/snort_9713_bge1/unicode.map
    Aug 21 15:34:28 snort[17189]: IIS Unicode Map Filename: /usr/local/etc/snort/snort_9713_bge1/unicode.map
    Aug 21 15:34:28 snort[17189]: Detect Proxy Usage: NO
    Aug 21 15:34:28 snort[17189]: Detect Proxy Usage: NO
    Aug 21 15:34:28 snort[17189]: Inspection Type: STATELESS
    Aug 21 15:34:28 snort[17189]: Inspection Type: STATELESS
    Aug 21 15:34:28 snort[17189]: Max Pipeline Requests: 0
    Aug 21 15:34:28 snort[17189]: Max Pipeline Requests: 0
    Aug 21 15:34:28 snort[17189]: GLOBAL CONFIG
    Aug 21 15:34:28 snort[17189]: GLOBAL CONFIG
    Aug 21 15:34:28 snort[17189]: HttpInspect Config:
    Aug 21 15:34:28 snort[17189]: HttpInspect Config:
    Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
    Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
    Aug 21 15:34:28 snort[17189]: Stream5 ICMP Policy config:
    Aug 21 15:34:28 snort[17189]: Stream5 ICMP Policy config:
    Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
    Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
    Aug 21 15:34:28 snort[17189]: Stream5 UDP Policy config:
    Aug 21 15:34:28 snort[17189]: Stream5 UDP Policy config:
    Aug 21 15:34:28 snort[17189]: 19 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 19 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 18 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 18 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 17 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 17 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 16 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 16 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 15 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 15 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 14 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 14 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 13 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 13 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 12 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 12 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 11 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 11 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 10 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 10 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 9 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 9 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 8 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 8 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 7 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 7 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 6 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 6 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 5 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 5 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 4 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 4 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 3 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 3 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 2 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 2 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 1 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 1 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 0 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: 0 client (Footprint) server (Footprint)
    Aug 21 15:34:28 snort[17189]: Reassembly Ports:
    Aug 21 15:34:28 snort[17189]: Reassembly Ports:
    Aug 21 15:34:28 snort[17189]: Static Flushpoint Sizes: YES
    Aug 21 15:34:28 snort[17189]: Static Flushpoint Sizes: YES
    Aug 21 15:34:28 snort[17189]: Options:
    Aug 21 15:34:28 snort[17189]: Options:
    Aug 21 15:34:28 snort[17189]: Maximum number of segs to queue per session: 2621
    Aug 21 15:34:28 snort[17189]: Maximum number of segs to queue per session: 2621
    Aug 21 15:34:28 snort[17189]: Maximum number of bytes to queue per session: 1048576
    Aug 21 15:34:28 snort[17189]: Maximum number of bytes to queue per session: 1048576
    Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
    Aug 21 15:34:28 snort[17189]: Timeout: 30 seconds
    Aug 21 15:34:28 snort[17189]: Reassembly Policy: BSD
    Aug 21 15:34:28 snort[17189]: Reassembly Policy: BSD
    Aug 21 15:34:28 snort[17189]: Stream5 TCP Policy config:
    Aug 21 15:34:28 snort[17189]: Stream5 TCP Policy config:
    Aug 21 15:34:28 snort[17189]: Log info if session memory consumption exceeds 1048576
    Aug 21 15:34:28 snort[17189]: Log info if session memory consumption exceeds 1048576
    Aug 21 15:34:28 snort[17189]: Max ICMP sessions: 65536
    Aug 21 15:34:28 snort[17189]: Max ICMP sessions: 65536
    Aug 21 15:34:28 snort[17189]: Track ICMP sessions: ACTIVE
    Aug 21 15:34:28 snort[17189]: Track ICMP sessions: ACTIVE
    Aug 21 15:34:28 snort[17189]: Max UDP sessions: 131072
    Aug 21 15:34:28 snort[17189]: Max UDP sessions: 131072
    Aug 21 15:34:28 snort[17189]: Track UDP sessions: ACTIVE
    Aug 21 15:34:28 snort[17189]: Track UDP sessions: ACTIVE
    Aug 21 15:34:28 snort[17189]: Memcap (for reassembly packet storage): 8388608
    Aug 21 15:34:28 snort[17189]: Memcap (for reassembly packet storage): 8388608
    Aug 21 15:34:28 snort[17189]: Max TCP sessions: 8192
    Aug 21 15:34:28 snort[17189]: Max TCP sessions: 8192
    Aug 21 15:34:28 snort[17189]: Track TCP sessions: ACTIVE
    Aug 21 15:34:28 snort[17189]: Track TCP sessions: ACTIVE
    Aug 21 15:34:28 snort[17189]: Stream5 global config:
    Aug 21 15:34:28 snort[17189]: Stream5 global config:
    Aug 21 15:34:28 snort[17189]: Min fragment Length: 0
    Aug 21 15:34:28 snort[17189]: Min fragment Length: 0
    Aug 21 15:34:28 snort[17189]: Overlap Limit: 0
    Aug 21 15:34:28 snort[17189]: Overlap Limit: 0
    Aug 21 15:34:28 snort[17189]: Fragment Problems: 1
    Aug 21 15:34:28 snort[17189]: Fragment Problems: 1
    Aug 21 15:34:28 snort[17189]: Fragment min_ttl: 1
    Aug 21 15:34:28 snort[17189]: Fragment min_ttl: 1
    Aug 21 15:34:28 snort[17189]: Fragment timeout: 60 seconds
    Aug 21 15:34:28 snort[17189]: Fragment timeout: 60 seconds
    Aug 21 15:34:28 snort[17189]: Target-based policy: BSD
    Aug 21 15:34:28 snort[17189]: Target-based policy: BSD
    Aug 21 15:34:28 snort[17189]: Frag3 engine config:
    Aug 21 15:34:28 snort[17189]: Frag3 engine config:
    Aug 21 15:34:28 snort[17189]: Fragment memory cap: 4194304 bytes
    Aug 21 15:34:28 snort[17189]: Fragment memory cap: 4194304 bytes
    Aug 21 15:34:28 snort[17189]: Max frags: 8192
    Aug 21 15:34:28 snort[17189]: Max frags: 8192
    Aug 21 15:34:28 snort[17189]: Frag3 global config:
    Aug 21 15:34:28 snort[17189]: Frag3 global config:
    Aug 21 15:34:28 snort[17189]: Log directory = /var/log/snort
    Aug 21 15:34:28 snort[17189]: Log directory = /var/log/snort
    Aug 21 15:34:28 snort[17189]: Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor
    Aug 21 15:34:28 snort[17189]: Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so…
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so…
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so…
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so…
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so…
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so…
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so…
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so…
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so…
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so…
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so…
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so…
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so…
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so…
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so…
    Aug 21 15:34:28 snort[17189]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so…
    Aug 21 15:34:28 snort[17189]: Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor…
    Aug 21 15:34:28 snort[17189]: Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor…
    Aug 21 15:34:28 snort[17189]: Finished Loading all dynamic detection libs from /usr/local/lib/snort/dynamicrules
    Aug 21 15:34:28 snort[17189]: Finished Loading all dynamic detection libs from /usr/local/lib/snort/dynamicrules
    Aug 21 15:34:28 snort[17189]: Warning: No dynamic libraries found in directory /usr/local/lib/snort/dynamicrules!
    Aug 21 15:34:28 snort[17189]: Warning: No dynamic libraries found in directory /usr/local/lib/snort/dynamicrules!
    Aug 21 15:34:28 snort[17189]: Loading all dynamic detection libs from /usr/local/lib/snort/dynamicrules…
    Aug 21 15:34:28 snort[17189]: Loading all dynamic detection libs from /usr/local/lib/snort/dynamicrules…
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: done
    Aug 21 15:34:28 snort[17189]: Loading dynamic engine /usr/local/lib/snort/dynamicengine/libsf_engine.so…
    Aug 21 15:34:28 snort[17189]: Loading dynamic engine /usr/local/lib/snort/dynamicengine/libsf_engine.so…
    Aug 21 15:34:28 snort[17189]: Tagged Packet Limit: 256
    Aug 21 15:34:28 snort[17189]: Tagged Packet Limit: 256
    Aug 21 15:34:28 snort[17189]: Found pid path directive (/var/log/snort/run)
    Aug 21 15:34:28 snort[17189]: Found pid path directive (/var/log/snort/run)
    Aug 21 15:34:28 snort[17189]: Search-Method = AC-Banded
    Aug 21 15:34:28 snort[17189]: Search-Method = AC-Banded
    Aug 21 15:34:28 snort[17189]: Detection:
    Aug 21 15:34:28 snort[17189]: Detection:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 6503:6504 ]
    Aug 21 15:34:28 snort[17189]: [ 6503:6504 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_BRIGHTSTORE' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_BRIGHTSTORE' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 2103 2105 2107 ]
    Aug 21 15:34:28 snort[17189]: [ 2103 2105 2107 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_TCP' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_TCP' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 135 593 1024:65535 ]
    Aug 21 15:34:28 snort[17189]: [ 135 593 1024:65535 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_UDP_SHORT' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_UDP_SHORT' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 135 1024:65535 ]
    Aug 21 15:34:28 snort[17189]: [ 135 1024:65535 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_UDP_LONG' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_UDP_LONG' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 135 139 445 593 1024:65535 ]
    Aug 21 15:34:28 snort[17189]: [ 135 139 445 593 1024:65535 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_IP_LONG' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_IP_LONG' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 138 1024:65535 ]
    Aug 21 15:34:28 snort[17189]: [ 138 1024:65535 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCADG_IP_UDP' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCADG_IP_UDP' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 139 445 ]
    Aug 21 15:34:28 snort[17189]: [ 139 445 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_IP_TCP' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'DCERPC_NCACN_IP_TCP' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 5060:5090 16384:32768 ]
    Aug 21 15:34:28 snort[17189]: [ 5060:5090 16384:32768 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'SIP_PROXY_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'SIP_PROXY_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 443 465 563 636 989:990 992:995 ]
    Aug 21 15:34:28 snort[17189]: [ 443 465 563 636 989:990 992:995 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'SSL_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'SSL_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 25 143 465 691 ]
    Aug 21 15:34:28 snort[17189]: [ 25 143 465 691 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'MAIL_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'MAIL_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 23 ]
    Aug 21 15:34:28 snort[17189]: [ 23 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'TELNET_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'TELNET_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 44 ]
    Aug 21 15:34:28 snort[17189]: [ 44 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'SSH_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'SSH_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 161 ]
    Aug 21 15:34:28 snort[17189]: [ 161 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'SNMP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'SNMP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 25 ]
    Aug 21 15:34:28 snort[17189]: [ 25 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'SMTP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'SMTP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 139 445 ]
    Aug 21 15:34:28 snort[17189]: [ 139 445 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'SMB_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'SMB_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 514 ]
    Aug 21 15:34:28 snort[17189]: [ 514 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'RSH_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'RSH_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 513 ]
    Aug 21 15:34:28 snort[17189]: [ 513 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'RLOGIN_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'RLOGIN_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 111 32770:32779 ]
    Aug 21 15:34:28 snort[17189]: [ 111 32770:32779 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'SUNRPC_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'SUNRPC_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 110 ]
    Aug 21 15:34:28 snort[17189]: [ 110 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'POP3_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'POP3_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 109 ]
    Aug 21 15:34:28 snort[17189]: [ 109 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'POP2_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'POP2_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 119 ]
    Aug 21 15:34:28 snort[17189]: [ 119 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'NNTP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'NNTP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 1433 ]
    Aug 21 15:34:28 snort[17189]: [ 1433 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'MSSQL_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'MSSQL_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 6665:6669 7000 ]
    Aug 21 15:34:28 snort[17189]: [ 6665:6669 7000 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'IRC_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'IRC_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 143 ]
    Aug 21 15:34:28 snort[17189]: [ 143 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'IMAP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'IMAP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 21 ]
    Aug 21 15:34:28 snort[17189]: [ 21 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'FTP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'FTP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 79 ]
    Aug 21 15:34:28 snort[17189]: [ 79 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'FINGER_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'FINGER_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 53 ]
    Aug 21 15:34:28 snort[17189]: [ 53 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'DNS_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'DNS_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 113 ]
    Aug 21 15:34:28 snort[17189]: [ 113 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'AUTH_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'AUTH_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 1521 ]
    Aug 21 15:34:28 snort[17189]: [ 1521 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'ORACLE_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'ORACLE_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 0:79 81:65535 ]
    Aug 21 15:34:28 snort[17189]: [ 0:79 81:65535 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'SHELLCODE_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'SHELLCODE_PORTS' defined :
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: [ 80 ]
    Aug 21 15:34:28 snort[17189]: [ 80 ]
    Aug 21 15:34:28 snort[17189]: PortVar 'HTTP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: PortVar 'HTTP_PORTS' defined :
    Aug 21 15:34:28 snort[17189]: Parsing Rules file "/usr/local/etc/snort/snort_9713_bge1/snort.conf"
    Aug 21 15:34:28 snort[17189]: Parsing Rules file "/usr/local/etc/snort/snort_9713_bge1/snort.conf"
    Aug 21 15:34:28 snort[17189]: Initializing Plug-ins!
    Aug 21 15:34:28 snort[17189]: Initializing Plug-ins!
    Aug 21 15:34:28 snort[17189]: Initializing Preprocessors!
    Aug 21 15:34:28 snort[17189]: Initializing Preprocessors!
    Aug 21 15:34:28 snort[17189]: Initializing Output Plugins!
    Aug 21 15:34:28 snort[17189]: Initializing Output Plugins!
    Aug 21 15:34:28 snort[17189]: --== Initializing Snort ==--
    Aug 21 15:34:28 snort[17189]: --== Initializing Snort ==--
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]:
    Aug 21 15:34:28 snort[17189]: Running in IDS mode
    Aug 21 15:34:28 snort[17189]: Running in IDS mode
    Aug 21 15:34:28 snort[17189]: Found pid path directive (/var/log/snort/run)
    Aug 21 15:34:28 snort[17189]: Found pid path directive (/var/log/snort/run)
    Aug 21 15:34:28 SnortStartup[13517]: Snort Startup files Sync…
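
Added example, not part of any post in this thread: a small Python triage of a startup log like the one above. It drops the doubled syslog lines and reports which Snort process hit the PID-file lock error and which daemon parent spawned it; the function names are this example's own, and the sample lines are copied from the log in this thread.

```python
import re

# Lines copied from the log in this thread (newest first, each logged twice).
SAMPLE_LOG = '''
Aug 21 15:34:28 snort[17358]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge19713.pid" for PID "17358"
Aug 21 15:34:28 snort[17358]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge19713.pid" for PID "17358"
Aug 21 15:34:28 snort[17358]: PID path stat checked out ok, PID path set to /var/log/snort/run
Aug 21 15:34:28 snort[17358]: PID path stat checked out ok, PID path set to /var/log/snort/run
Aug 21 15:34:28 snort[17189]: Daemon parent exiting
Aug 21 15:34:28 snort[17189]: Daemon parent exiting
Aug 21 15:34:28 snort[17358]: Daemon initialized, signaled parent pid: 17189
Aug 21 15:34:28 snort[17358]: Daemon initialized, signaled parent pid: 17189
'''

LINE_RE = re.compile(r'^(\w{3}\s+\d+\s[\d:]{8})\s(\S+?)\[(\d+)\]:\s?(.*)$')
LOCK_RE = re.compile(r'FATAL ERROR: Failed to Lock PID File "([^"]+)" for PID "(\d+)"')
CHILD_RE = re.compile(r'Daemon initialized, signaled parent pid: (\d+)')

def parse(text):
    """Return (timestamp, program, pid, message) tuples, dropping adjacent duplicates."""
    events, previous = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == previous:
            continue
        previous = line
        m = LINE_RE.match(line)
        if m:
            events.append((m.group(1), m.group(2), int(m.group(3)), m.group(4)))
    return events

def lock_failures(text):
    """List each PID-file lock failure with the daemon parent of the failing process."""
    events = parse(text)
    parents = {}  # child pid -> parent pid, taken from the daemonize message
    for _, prog, pid, msg in events:
        m = CHILD_RE.search(msg)
        if prog == "snort" and m:
            parents[pid] = int(m.group(1))
    failures = []
    for ts, prog, pid, msg in events:
        m = LOCK_RE.search(msg)
        if prog == "snort" and m:
            failures.append({"time": ts, "pid": pid, "parent": parents.get(pid),
                             "pid_file": m.group(1)})
    return failures

if __name__ == "__main__":
    print(lock_failures(SAMPLE_LOG))
```

On the thread's log this places the failure in the daemonized child (17358), after the parent (17189) had already parsed the configuration and exited.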



  • Okay, so basically when you get this error or you have nothing populating your Alerts or Blocks it mainly means one of two things - you are loading too many rules at one time or you need to Stop the service, make sure you've saved your If Settings, and finally Start the service again.  Doing this all from If Settings tab seems to be the easiest.  Anyone agree or disagree with these findings?



  • Looked this up myself the other day and found this.

    http://forum.pfsense.org/index.php/topic,28161.msg146864.html#msg146864



  • Thanks for that link, Onhel; I saw that, but I ended up getting past that error by stopping the service and starting it again. As long as the rules and proper preprocessors were set, the error went away. One thing I did notice is that when I make any rule changes, I need to stop and start the service to make those changes active. Do you think running that would be a permanent fix or just something to run when that PID error comes up?



  • Anytime you make any changes to Snort, you have to restart it. If you don't, new settings won't take effect.



  • Good to know; thank you, Cino!

