What is the problem in SNORT!



  • Hi,

    I have a problem about snort. I try a lot of thing but i did not find any solutions. Therefore i am writing to this mail.
    Firstly i have a pfsense firewall. Thsi pfsense version is 2.0 stabil version and i added the snort stable packages on this firewall. Until to here everything is ok. When i click to the snort service button is not starting.i added printscreen.

    I do not know why snort is not starting. i look log files but it is not any snort messages in here. When i open ssh connection with puty to this firewall after that i write snort command this service otomatically starting.Printscreen like this.

    After that i add my snort id

    After this step rules download from snort server. It is like.

    On Update panel it likes. it shows installed signature ruleset id.

    Until to here pfsense gives only service problem but when i connect to pfsense firewall with ssh after that on command line i write "snort" only service automatically started.
    Other problem is very very important to us. I will explain all of thing.
    Now i have a Firewall, host, domain name,adsl modem. I want to test to this snort. In here i downloaded from internet web tester program. it is like

    When i run to stress program to my domain. In this secanario to this program running on my computer.

    I will explain step by step.
    My computer and Stress program ===> Adsl Modem ==> INTERNET and DNS SERVER ==>return to firewall==> other computer it is including my domain.

    To here Snort program not any alet or blocking messages.It is listening WAN ethernet. My ip block is different to host ip. My ip number is 192.168.1.x but host domain and firewall is 20.0.x.x.
    You can see below that it is not giving any alert or blocking messages. What will i do? How can i solve to this problem?



  • Looks like the same problem I have. -> http://forum.pfsense.org/index.php/topic,45191.0.html

    Can you check if you have the snort binary-file in /usr/local/bin? In my case the packages snort.tgz etc. were not installed correctly.



  • @GrandmasterB:

    Looks like the same problem I have. -> http://forum.pfsense.org/index.php/topic,45191.0.html

    Can you check if you have the snort binary-file in /usr/local/bin? In my case the packages snort.tgz etc. were not installed correctly.

    Where is the snort binary. How can i reinstall this file. Now i am looking log files it gives some error it likes
    snort[32143]: FATAL ERROR: /usr/local/etc/snort/snort_52423_re0/snort.conf(145) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/snort_52423_re0/unicode.map'.


Locked