Snort does not start, period.



  • ermal,

    As per your suggestion, I uninstalled and installed Snort, and with the following command have verified that Snort is not running on my system. I even mentioned that a couple of times on the previous thread and that kept being lost in others' updates, so I decided to start a new thread.

    ps -ax | grep snort

    5645  0  S+    0:00.02 grep snort

    At this time, I am kinda stuck since I have tried everything I could think of, so I really hope you have some ideas.

    Thanks,
    Hiranmoy



  • show me the output of 'clog /var/log/system.log'



  • Here it is. I don't know if it matters but I have obfuscated my WAN IP and Gateway for obvious reasons:

    Sep  5 17:08:44 pfsense kernel: Root mount waiting for: usbus6 usbus2
    Sep  5 17:08:44 pfsense kernel: uhub6: 6 ports with 6 removable, self powered
    Sep  5 17:08:44 pfsense kernel: Trying to mount root from ufs:/dev/ad4s1a
    Sep  5 17:08:44 pfsense kernel: ugen0.2: <STMicroelectronics> at usbus0
    Sep  5 17:08:44 pfsense kernel: pflog0: promiscuous mode enabled
    Sep  5 17:08:46 pfsense apinger: Starting Alarm Pinger, apinger(33804)
    Sep  5 17:08:47 pfsense php: : ROUTING: setting default route to 96.226.**.
    Sep  5 17:08:48 pfsense dhcpd: Internet Systems Consortium DHCP Server 4.2.1-P1
    Sep  5 17:08:48 pfsense dhcpd: Copyright 2004-2011 Internet Systems Consortium.
    Sep  5 17:08:48 pfsense dhcpd: All rights reserved.
    Sep  5 17:08:48 pfsense dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Sep  5 17:08:48 pfsense check_reload_status: Updating all dyndns
    Sep  5 17:08:48 pfsense dnsmasq[50213]: started, version 2.55 cachesize 10000
    Sep  5 17:08:48 pfsense dnsmasq[50213]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
    Sep  5 17:08:48 pfsense dnsmasq[50213]: reading /etc/resolv.conf
    Sep  5 17:08:48 pfsense dnsmasq[50213]: using nameserver 8.8.4.4#53
    Sep  5 17:08:48 pfsense dnsmasq[50213]: using nameserver 8.8.8.8#53
    Sep  5 17:08:48 pfsense dnsmasq[50213]: using nameserver 208.67.220.220#53
    Sep  5 17:08:48 pfsense dnsmasq[50213]: using nameserver 208.67.222.222#53
    Sep  5 17:08:48 pfsense dnsmasq[50213]: ignoring nameserver 127.0.0.1 - local interface
    Sep  5 17:08:48 pfsense dnsmasq[50213]: ignoring nameserver 127.0.0.1 - local interface
    Sep  5 17:08:48 pfsense dnsmasq[50213]: read /etc/hosts - 4 addresses
    Sep  5 17:08:53 pfsense php: : DynDns: updatedns() starting
    Sep  5 17:08:53 pfsense php: : DynDns debug information: 96.226.***.*** extracted from local system.
    Sep  5 17:08:53 pfsense php: : DynDns: Current WAN IP: 96.226.***.*** Cached IP: 96.226.***.***
    Sep  5 17:08:53 pfsense php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
    Sep  5 17:08:56 pfsense apinger: ALARM: GW_WAN(96.226.**.)  *** down ***
    Sep  5 17:09:06 pfsense check_reload_status: Reloading filter
    Sep  5 17:10:35 pfsense php: : OpenNTPD is starting up.
    Sep  5 17:10:36 pfsense apinger: alarm canceled: GW_WAN(96.226.**.)  *** down ***
    Sep  5 17:10:37 pfsense check_reload_status: Restarting ipsec tunnels
    Sep  5 17:10:40 pfsense php: : Creating rrd update script
    Sep  5 17:10:40 pfsense php: : miniupnpd: Starting service on interface: lan
    Sep  5 17:10:40 pfsense miniupnpd[17792]: HTTP listening on port 2189
    Sep  5 17:10:40 pfsense miniupnpd[17792]: HTTP listening on port 2189
    Sep  5 17:10:40 pfsense miniupnpd[17792]: Listening for NAT-PMP traffic on port 5351
    Sep  5 17:10:40 pfsense miniupnpd[17792]: Listening for NAT-PMP traffic on port 5351
    Sep  5 17:10:40 pfsense php: : Restarting/Starting all packages.
    Sep  5 17:10:40 pfsense miniupnpd[17792]: SUBSCRIBE not implemented. ENABLE_EVENTS compile option disabled
    Sep  5 17:10:40 pfsense miniupnpd[17792]: SUBSCRIBE not implemented. ENABLE_EVENTS compile option disabled
    Sep  5 17:10:41 pfsense login: login on ttyv0 as root
    Sep  5 17:10:42 pfsense sshlockout[38903]: sshlockout/webConfigurator v3.0 starting up
    Sep  5 17:10:43 pfsense php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
    Sep  5 17:10:45 pfsense check_reload_status: Reloading filter
    Sep  5 17:10:46 pfsense apinger: Error while feeding rrdtool: Broken pipe
    Sep  5 17:10:46 pfsense check_reload_status: Reloading filter
    Sep  5 17:10:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 17:10:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 17:11:00 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 17:11:00 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 17:11:46 pfsense apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
    Sep  5 17:41:10 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 17:41:10 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 17:41:10 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 17:41:10 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 18:08:59 pfsense dhclient: RENEW
    Sep  5 18:08:59 pfsense dhclient: Creating resolv.conf
    Sep  5 18:38:45 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.200
    Sep  5 18:38:45 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.200
    Sep  5 18:38:58 pfsense check_reload_status: Syncing firewall
    Sep  5 18:38:58 pfsense php: /pkg_mgr_install.php: Beginning package installation for Cron.
    Sep  5 18:38:58 pfsense check_reload_status: Syncing firewall
    Sep  5 18:39:00 pfsense check_reload_status: Reloading filter
    Sep  5 18:39:28 pfsense check_reload_status: Syncing firewall
    Sep  5 18:39:28 pfsense php: /pkg_mgr_install.php: Beginning package installation for snort.
    Sep  5 18:39:29 pfsense check_reload_status: Syncing firewall
    Sep  5 18:39:48 pfsense check_reload_status: Syncing firewall
    Sep  5 18:39:48 pfsense check_reload_status: Reloading filter
    Sep  5 18:39:49 pfsense check_reload_status: Syncing firewall
    Sep  5 18:40:01 pfsense check_reload_status: Syncing firewall
    Sep  5 18:40:06 pfsense check_reload_status: Syncing firewall
    Sep  5 18:41:13 pfsense SnortStartup[56527]: Snort Startup files Sync…
    Sep  5 18:41:13 pfsense SnortStartup[60167]: Snort HARD Reload For 21540_em0_vlan10…
    Sep  5 18:41:28 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 18:41:28 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 18:41:28 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 18:41:28 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 18:42:58 pfsense check_reload_status: Syncing firewall
    Sep  5 18:43:07 pfsense SnortStartup[12620]: Toggle for 21540_em0_vlan10…
    Sep  5 18:43:07 pfsense SnortStartup[21737]: Interface Rule START for 0_21540_em0_vlan10…
    Sep  5 18:45:04 pfsense sshd[43681]: Accepted keyboard-interactive/pam for admin from 192.168.1.200 port 3252 ssh2
    Sep  5 18:48:45 pfsense check_reload_status: Syncing firewall
    Sep  5 18:48:54 pfsense SnortStartup[14489]: Toggle for 21540_em0_vlan10…
    Sep  5 18:48:54 pfsense SnortStartup[35026]: Interface Rule START for 0_21540_em0_vlan10…
    Sep  5 18:49:40 pfsense check_reload_status: Syncing firewall
    Sep  5 18:49:44 pfsense check_reload_status: Syncing firewall
    Sep  5 18:54:01 pfsense check_reload_status: Syncing firewall
    Sep  5 18:54:17 pfsense check_reload_status: Syncing firewall
    Sep  5 18:54:23 pfsense check_reload_status: Syncing firewall
    Sep  5 18:54:27 pfsense check_reload_status: Syncing firewall
    Sep  5 18:55:02 pfsense check_reload_status: Syncing firewall
    Sep  5 18:55:23 pfsense check_reload_status: Syncing firewall
    Sep  5 18:55:35 pfsense check_reload_status: Syncing firewall
    Sep  5 18:55:40 pfsense check_reload_status: Syncing firewall
    Sep  5 18:55:45 pfsense SnortStartup[20559]: Interface Rule START for 0_21540_em0_vlan10…
    Sep  5 18:58:05 pfsense SnortStartup[38412]: Snort Startup files Sync…
    Sep  5 18:58:06 pfsense SnortStartup[40253]: Snort HARD Reload For 21540_em0_vlan10…
    Sep  5 19:09:17 pfsense dhclient: RENEW
    Sep  5 19:09:17 pfsense dhclient: Creating resolv.conf
    Sep  5 19:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 19:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 19:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 19:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 20:09:23 pfsense dhclient: RENEW
    Sep  5 20:09:23 pfsense dhclient: Creating resolv.conf
    Sep  5 20:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 20:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 20:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 20:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 21:09:24 pfsense dhclient: RENEW
    Sep  5 21:09:24 pfsense dhclient: Creating resolv.conf
    Sep  5 21:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 21:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 21:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 21:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 22:01:29 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.201
    Sep  5 22:01:29 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.201
    Sep  5 22:01:39 pfsense check_reload_status: Syncing firewall
    Sep  5 22:01:44 pfsense check_reload_status: Syncing firewall
    Sep  5 22:01:54 pfsense check_reload_status: Syncing firewall
    Sep  5 22:01:54 pfsense check_reload_status: Reloading filter
    Sep  5 22:02:16 pfsense sshd[58072]: Accepted keyboard-interactive/pam for admin from 192.168.1.201 port 49723 ssh2
    Sep  5 22:09:25 pfsense dhclient: RENEW
    Sep  5 22:09:25 pfsense dhclient: Creating resolv.conf
    Sep  5 22:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 22:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 22:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 22:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 23:09:25 pfsense dhclient: RENEW
    Sep  5 23:09:25 pfsense dhclient: Creating resolv.conf
    Sep  5 23:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 23:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 23:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  5 23:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 00:09:26 pfsense dhclient: RENEW
    Sep  6 00:09:26 pfsense dhclient: Creating resolv.conf
    Sep  6 00:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 00:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 00:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 00:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 01:01:01 pfsense php: : DynDns: updatedns() starting
    Sep  6 01:01:01 pfsense php: : DynDns debug information: 96.226.***.*** extracted from local system.
    Sep  6 01:01:01 pfsense php: : DynDns: Current WAN IP: 96.226.***.*** Cached IP: 96.226.***.***
    Sep  6 01:01:01 pfsense php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
    Sep  6 01:09:27 pfsense dhclient: RENEW
    Sep  6 01:09:27 pfsense dhclient: Creating resolv.conf
    Sep  6 01:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 01:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 01:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 01:41:42 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 02:03:13 pfsense miniupnpd[17792]: Unsupported HTTP Command UNSUBSCRIBE
    Sep  6 02:03:13 pfsense miniupnpd[17792]: Unsupported HTTP Command UNSUBSCRIBE
    Sep  6 02:03:55 pfsense miniupnpd[17792]: SUBSCRIBE not implemented. ENABLE_EVENTS compile option disabled
    Sep  6 02:03:55 pfsense miniupnpd[17792]: SUBSCRIBE not implemented. ENABLE_EVENTS compile option disabled
    Sep  6 02:04:11 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 02:04:11 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 02:04:16 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 02:04:16 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 02:09:27 pfsense dhclient: RENEW
    Sep  6 02:09:28 pfsense dhclient: Creating resolv.conf
    Sep  6 03:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 03:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 03:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 03:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 03:09:28 pfsense dhclient: RENEW
    Sep  6 03:09:28 pfsense dhclient: Creating resolv.conf
    Sep  6 04:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 04:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 04:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 04:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 04:09:29 pfsense dhclient: RENEW
    Sep  6 04:09:29 pfsense dhclient: Creating resolv.conf
    Sep  6 05:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 05:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 05:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 05:03:55 pfsense miniupnpd[17792]: NewLeaseDuration=5400 not supported, ignored. (ip=192.168.1.106, desc='PlayOn')
    Sep  6 05:09:30 pfsense dhclient: RENEW
    Sep  6 05:09:30 pfsense dhclient: Creating resolv.conf
    Sep  6 05:21:19 pfsense sshd[31951]: Accepted keyboard-interactive/pam for admin from 192.168.1.200 port 4692 ssh2
    Sep  6 05:22:01 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.200
    Sep  6 05:22:01 pfsense php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.200
    Sep  6 05:22:23 pfsense check_reload_status: Syncing firewall
    Sep  6 05:22:23 pfsense php: /pkg_mgr_install.php: Beginning package installation for snort.
    Sep  6 05:22:23 pfsense check_reload_status: Syncing firewall
    Sep  6 05:22:43 pfsense check_reload_status: Syncing firewall
    Sep  6 05:22:43 pfsense check_reload_status: Reloading filter
    Sep  6 05:22:43 pfsense check_reload_status: Syncing firewall
    Sep  6 05:23:02 pfsense check_reload_status: Syncing firewall
    Sep  6 05:23:50 pfsense SnortStartup[19168]: Snort Startup files Sync…
    Sep  6 05:23:50 pfsense SnortStartup[23245]: Snort HARD Reload For 21540_em0_vlan10…



  • I am sorry but from this there is clearly something wrong in your install.
    That is my only suggestion.



  • Ok, understand that. Now the question is how do I fix it since merely uninstalling/reinstalling doesn't seem to do the trick?



  • I am running 2.0-RC3 (amd64) and snort seems to be running fine after the last reinstall (uninstall then install) fixed the port scan blocking.

