Snort issues…



  • I'm a newb to pfSense, so please forgive me. While I'm no pro, I can make my way around Linux and BSD environments.

    Machine:
    PIII 1Ghz
    512mb pc133 ram
    5 interfaces, 4 100mb ethernet 1 wireless (all functioning perfectly)
    20gb hard drive (I think… don't remember)

    pfsense:
    pfSense-2.0-RELEASE-i386.iso.gz 17-Sep-2011 04:07 98M ISO Image
    (multi-processor kernel installed because I didn't see a better option? o_O)

    Snort:

    # snort -V
    
       ,,_     -*> Snort! <*-
      o"  )~   Version 2.9.0.5 IPv6 GRE (Build 135) FreeBSD
       ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
               Copyright (C) 1998-2011 Sourcefire, Inc., et al.
               Using libpcap version 1.1.1
               Using PCRE version: 8.12 2011-01-15
               Using ZLIB version: 1.2.3
    

    I can't get many rulesets to run. I wish I had kept track of all of them, but I know for sure the one with the most issues is snort_exploits (which I'd really like to run). When I try, snort immediately crashes and I get the following system log entry:

    snort[30509]: FATAL ERROR: /usr/local/etc/snort/snort_63759_xl1/rules/snort_exploit.rules(384) Unknown rule option: 'dce_iface'.
    

    Any ideas what's going on? Could this be related to my version of snort, or are the rules messed up or something? While this is concerning, my real fear is that a rule update will add "unworking" rules, completely disabling snort without my knowledge.

    Thanks in advance for any assistance!





  • Thanks a lot :D I'll try it out and try to get it going.

    Sorry if this has been covered multiple times; I can assure you I did many, many searches prior to posting this.

