Netgate Discussion Forum

    Snort - problems with configuration

    pfSense Packages
    • skipper

      Hi all,

      I installed and started the snort package, but I have already faced some problems :( and I need some help.

      1. I enabled some categories, and then from the rules tab I enabled more rules than the default; however, after an update the category goes back to the default enabled/disabled rules.
      I tried to edit the file as described here (http://forum.pfsense.org/index.php/topic,42332.0.html), but it worked temporarily. Now it's back to the default again.
      Is there any solution for this?

      2. When I enable some categories snort cannot start and there is an error: " FATAL ERROR: /usr/local/etc/snort/snort_12053_re4/rules/snort_exploit.rules(379) Unknown rule option: 'dce_iface' "
      I edited the file and commented out where 'dce_iface' was, but that didn't work.

      3. I have duplicate logs; everything is shown twice for snort under "Status: System logs: System".
      Is there something I must enable/disable?

      Is there any option where I can see the description for the rules of each category, so I know what exactly each rule is detecting?

      Thanks in advance

      pfSense: 2.0-RELEASE (amd64)
      snort: 2.9.1 pkg v. 2.1.1

      • skipper

        I solved my second problem by enabling everything under "Snort: Interface: Preprocessors and Flow" even though I don't know if it's the right way. No error so far for the categories I have enabled.

        However, I was not able to find a solution for the enabled rules (signatures) in each category. I guess I have to live with that for now :/

        But for sure there must be a description/documentation somewhere of each category and what kind of attacks it is preventing, but I could not find it so far. If someone has found something, please let me know.

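The `Unknown rule option: 'dce_iface'` error in this thread comes from a rule option that Snort 2.9 only recognises while the matching preprocessor is loaded. The check below is an added example, not part of the original posts or of the pfSense Snort package: it lists active rules whose options need a preprocessor that the configuration does not enable. The option-to-preprocessor map is partial, and the sample configuration and rules are constructed.

```python
import re

# Rule options that Snort 2.9 registers only when the named preprocessor is
# configured. Partial map (assumption: extend it for other preprocessors).
OPTION_TO_PREPROC = {
    "dce_iface": "dcerpc2", "dce_opnum": "dcerpc2", "dce_stub_data": "dcerpc2",
    "sd_pattern": "sensitive_data",
    "ssl_state": "ssl", "ssl_version": "ssl",
}
OPTION_RE = re.compile(r"[(;]\s*(" + "|".join(OPTION_TO_PREPROC) + r")\b")
PREPROC_RE = re.compile(r"^\s*preprocessor\s+(\w+)", re.M)

# Constructed sample input: dcerpc2 is commented out, ssl is enabled.
SAMPLE_CONF = """\
preprocessor frag3_global: max_frags 65536
preprocessor stream5_global: track_tcp yes
# preprocessor dcerpc2: memcap 102400
preprocessor ssl: trustservers
"""
SAMPLE_RULES = '''\
# alert tcp any any -> any 135 (msg:"disabled"; dce_iface:00000000-0000-0000-0000-000000000000; sid:1000001;)
alert tcp any any -> any 135 (msg:"constructed DCE rule"; flow:established,to_server; dce_iface:00000000-0000-0000-0000-000000000000; dce_opnum:0; sid:1000002;)
alert tcp any any -> any 443 (msg:"constructed SSL rule"; ssl_state:client_hello; sid:1000003;)
'''

def enabled_preprocessors(conf_text):
    """Names of preprocessors with an uncommented 'preprocessor' line."""
    return set(PREPROC_RE.findall(conf_text))

def missing_preprocessors(rules_text, conf_text, filename="<rules>"):
    """Return (filename, line_no, option, preprocessor) for each active rule
    option whose preprocessor is not loaded by the configuration."""
    loaded = enabled_preprocessors(conf_text)
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or disabled rule
        for opt in sorted(set(OPTION_RE.findall(line))):
            need = OPTION_TO_PREPROC[opt]
            if need not in loaded:
                findings.append((filename, line_no, opt, need))
    return findings

if __name__ == "__main__":
    for name, line_no, opt, need in missing_preprocessors(SAMPLE_RULES, SAMPLE_CONF):
        print(f"{name}({line_no}): option '{opt}' needs preprocessor '{need}'")
```

Running it against a category's rules file before enabling that category shows which preprocessors that category actually depends on, so only those need to be switched on.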
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.