3. Snort 2.9.3 v2.4.0 no alerts, no blocking…

Snort 2.9.3 v2.4.0 no alerts, no blocking…

  • _

    updated snort, but now no alerts nor blocking works. :(

    logs in /var/log/snort are empty.

    0
  • E

    Just check to see that your rules and preprocessors are enabled.

    0
  • F

    Updating the package and the rules work, but starting up fails with this message in the system logs:

    snort[10689]: FATAL ERROR: /usr/local/etc/snort/snort_2791_em0/snort.conf(120) => Failed to parse: No end brace found

    0
  • V

    same here

    0
  • E

    Heh fixed the ssl port definition of ports.
    I had tested it with custom SSL ignore range.

    Anyway in 15 minutes will be safe to upgrade and issue will be fixed.

    0
  • E

    @miles267:

    ugh.  snort seems to get progressively worse with each build.  hasn't functioned reliably in months.  next time I get it to work, no way I'm updating again.  now:

    Thank you for helping in testing.

    0
  • M

    Updated to: Snort 2.9.2.3 pkg v. 2.4.1

    Noticed that no matter what I enter into the If Settings > 'Advanced Configuration Pass Through' dialog box, it gets converted to a string of random characters.

    For example, if I enter: portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143] and SAVE.  When I go back, it will then display in the same dialog box:

    cG9ydHZhciBGSUxFX0RBVEFfUE9SVFMgWyRIVFRQX1BPUlRTLDExMCwxNDNd

    Also, despite entering: 443 563
    into the Define SSL_IGNORE dialog box, snort still will not start.  And returns the following:

    snort[26571]: FATAL ERROR: /usr/local/etc/snort/snort_9414_em2/snort.conf(54) Missing argument to SSL_PORTS_IGNORE

    0
  • E

    Fixed also.
    Again test after 15minutes.

    0
  • M

    @ermal:

    Fixed also.
    Again test after 15minutes.

    OK - great.  Will there be a 2.4.2? or have you already fixed 2.4.1?  I've re-installed 2.4.1 as of 7:30 PM CT but the same issue persists.  Perhaps I updated too soon.

    0
  • C

    install went well but snort isn't alerting. Usually a common port scan from https://www.grc.com/x/ne.dll?bh0bkyd2 will generate an alert

    0
  • E

    Reinstall with latest fixes it should behave better.

    0
  • _

    deinstalled snort, installed it newly, did a reboot after updating, snort started, but still no alerts nor blocking… :(
    But at all the overhaul was great! Behaves much better!!!!

    edit: snort started reporting alerts, but still no blocking :(

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy