Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    What is the problem in SNORT!

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      barisnet
      last edited by

      Hi,

      I have a problem about snort. I try a lot of thing but i did not find any solutions. Therefore i am writing to this mail.
      Firstly i have a pfsense firewall. Thsi pfsense version is 2.0 stabil version and i added the snort stable packages on this firewall. Until to here everything is ok. When i click to the snort service button is not starting.i added printscreen.

      I do not know why snort is not starting. i look log files but it is not any snort messages in here. When i open ssh connection with puty to this firewall after that i write snort command this service otomatically starting.Printscreen like this.

      After that i add my snort id

      After this step rules download from snort server. It is like.

      On Update panel it likes. it shows installed signature ruleset id.

      Until to here pfsense gives only service problem but when i connect to pfsense firewall with ssh after that on command line i write "snort" only service automatically started.
      Other problem is very very important to us. I will explain all of thing.
      Now i have a Firewall, host, domain name,adsl modem. I want to test to this snort. In here i downloaded from internet web tester program. it is like

      When i run to stress program to my domain. In this secanario to this program running on my computer.

      I will explain step by step.
      My computer and Stress program ===> Adsl Modem ==> INTERNET and DNS SERVER ==>return to firewall==> other computer it is including my domain.

      To here Snort program not any alet or blocking messages.It is listening WAN ethernet. My ip block is different to host ip. My ip number is 192.168.1.x but host domain and firewall is 20.0.x.x.
      You can see below that it is not giving any alert or blocking messages. What will i do? How can i solve to this problem?

      1 Reply Last reply Reply Quote 0
      • G
        GrandmasterB
        last edited by

        Looks like the same problem I have. -> http://forum.pfsense.org/index.php/topic,45191.0.html

        Can you check if you have the snort binary-file in /usr/local/bin? In my case the packages snort.tgz etc. were not installed correctly.

        1 Reply Last reply Reply Quote 0
        • B
          barisnet
          last edited by

          @GrandmasterB:

          Looks like the same problem I have. -> http://forum.pfsense.org/index.php/topic,45191.0.html

          Can you check if you have the snort binary-file in /usr/local/bin? In my case the packages snort.tgz etc. were not installed correctly.

          Where is the snort binary. How can i reinstall this file. Now i am looking log files it gives some error it likes
          snort[32143]: FATAL ERROR: /usr/local/etc/snort/snort_52423_re0/snort.conf(145) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/snort_52423_re0/unicode.map'.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.