Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SNORT Wont Start after Upgrade to 2.9.1- FATAL ERROR: Unable to open rules file

    pfSense Packages
    1
    3
    4.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      humps
      last edited by

      I have been Running Pfsense 2.0 with Snort 2.9.0.5 for a while now with no issues
      After Weeks of Not Upgrading to the latest version (2.9.1) i decided to Upgrade today but after Upgrading to Snort 2.9.1 Snort will not Start  :-[
      I have updated the snort rules and try restarting the service but that dont work, each time the rules are loaded and the service tries to start i get this error :

      Dec 22 09:10:27 pfsfw snort[34705]:    Search-Method = AC-Std
      Dec 22 09:10:27 pfsfw snort[34705]:    Search-Method = AC-Std
      Dec 22 09:10:27 pfsfw snort[34705]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_9558_em0//usr/local/etc/snort/snort_9558_em0/reference
      .config": No such file or directory.
      Dec 22 09:10:27 pfsfw snort[34705]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_9558_em0//usr/local/etc/snort/snort_9558_em0/reference
      .config": No such file or directory.
      Dec 22 09:10:27 pfsfw SnortStartup[34998]: Interface Rule START for 0_9558_em0…
      I Also Saw this at the end of the screen after the firewall was rebooted:

      cp: /usr/local/etc/snort/gen-msg.map: No such file or directory
      cp: /usr/local/etc/snort/classification.config: No such file or directory
      cp: /usr/local/etc/snort/reference.config: No such file or directory
      cp: /usr/local/etc/snort/unicode.map: No such file or directory
      cp: /usr/local/etc/snort/threshold.conf: No such file or directory
      done
      Bootup complete

      I know the new version (2.9.1) has been out for a while now hence someone must have experienced this problem an probably can help me fix for this issue

      Any Help Appreciated,
      Thanks Much

      1 Reply Last reply Reply Quote 0
      • H
        humps
        last edited by

        Ok I Remove the Snort Package, then installed it again
        Snort Service now Starts fine but i'm now getting an Error
        " (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE "
        Snort now automatically blocks every website i visit.. :(
        I'm  gonna have a look around the forums to see if i can find some any answers to rectify this issue

        1 Reply Last reply Reply Quote 0
        • H
          humps
          last edited by

          Snort Suppression Tutorial . . .
          https://www.youtube.com/watch?v=uQ7OrxtiAes

          Add Snort Suppression for Error: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
          suppress gen_id 120,sig_id 3

          Go to Snort WAN interface edit; Scroll down to Suppression and filtering
          Choose the Suppression just created
          Click Save
          Restart Service
          Do a port scan to see if it would trigger an alert https://www.grc.com/x/ne.dll?rh1dkyd2

          Good to Go Again  ;D  :D

          One down one to go.. Only need to Upgrade to Pfsense 2.0.1 now
          Cheers  8)

          Problem Solved…can someone mark it as solved ??
          I hope i dont have to repeat this process when i Upgrade to Pfsense 2.0.1

          1 Reply Last reply Reply Quote 0
          • First post
            Last post