Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort 2.9.2.3 pkg v. 2.4.1 Issues

    Scheduled Pinned Locked Moved pfSense Packages
    8 Posts 7 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mschiek01
      last edited by

      Latest update will not start SSL ports are defined

      Jul 11 22:07:25 snort[51882]: FATAL ERROR: /usr/local/etc/snort/snort_24899_em1/snort.conf(55) Missing argument to SSL_PORTS_IGNORE
      Jul 11 22:07:25 snort[51882]: FATAL ERROR: /usr/local/etc/snort/snort_24899_em1/snort.conf(55) Missing argument to SSL_PORTS_IGNORE
      Jul 11 22:07:25 snort[51882]:
      Jul 11 22:07:25 snort[51882]:
      Jul 11 22:07:25 snort[51882]: [ 443 465 563 636 987 989:990 992:995 3389 ]
      Jul 11 22:07:25 snort[51882]: [ 443 465 563 636 987 989:990 992:995 3389 ]
      Jul 11 22:07:25 snort[51882]: PortVar 'SSL_PORTS' defined :
      Jul 11 22:07:25 snort[51882]: PortVar 'SSL_PORTS' defined :

      1 Reply Last reply Reply Quote 0
      • C
        chowtamah
        last edited by

        Snort 2.9.2.3 pkg v. 2.4.1

        Started without problem.

        Thanks for the fantastic design of Categories page. :-*

        2.0.2-RELEASE (amd64)  &  2.2.2-RELEASE (amd64)

        Always trying to learn!!

        1 Reply Last reply Reply Quote 0
        • AhnHELA
          AhnHEL
          last edited by

          @mschiek01:

          Latest update will not start SSL ports are defined

          Jul 11 22:07:25 snort[51882]: FATAL ERROR: /usr/local/etc/snort/snort_24899_em1/snort.conf(55) Missing argument to SSL_PORTS_IGNORE
          Jul 11 22:07:25 snort[51882]: FATAL ERROR: /usr/local/etc/snort/snort_24899_em1/snort.conf(55) Missing argument to SSL_PORTS_IGNORE
          Jul 11 22:07:25 snort[51882]:
          Jul 11 22:07:25 snort[51882]:
          Jul 11 22:07:25 snort[51882]: [ 443 465 563 636 987 989:990 992:995 3389 ]
          Jul 11 22:07:25 snort[51882]: [ 443 465 563 636 987 989:990 992:995 3389 ]
          Jul 11 22:07:25 snort[51882]: PortVar 'SSL_PORTS' defined :
          Jul 11 22:07:25 snort[51882]: PortVar 'SSL_PORTS' defined :

          If you go into your Preprocessor Tab and put a comma in between each port for the Define SSL_IGNORE, then Snort will start successfully.  Instructions on that tab state use spaces and not commas but apparently that isn't the case anymore.

          AhnHEL (Angel)

          1 Reply Last reply Reply Quote 0
          • D
            digdug3
            last edited by

            The font size in the supression list is still to small.

            please change /themes/pfsense_ng/all.css:
            .formpre {
                font-family: Courier New,Courier,monospaced;
                font-size: 10px;
            }

            to:
            .formpre {
                font-family: Courier New,Courier,monospaced;
                font-size: 12px;
            }

            1 Reply Last reply Reply Quote 0
            • J
              judex
              last edited by

              I also say a big thanks for all of you putting efforts into making this package stable again. Basically it runs very well on my system the last days.
              Also the new categories interface looks much better.

              Only thing I am missing on categories page is my local ruleset which is named "my.rules". Are local categories expected to have a special naming?
              Anyway, it is still possible to select this local category on rules page, where it shows up as selected and active. So it is not a big issue.

              Thx again and have a nice day!

              Greets, Judex

              2.1-RELEASE (amd64)
              built on Wed Sep 11 18:17:48 EDT 2013
              FreeBSD 8.3-RELEASE-p11

              1 Reply Last reply Reply Quote 0
              • J
                judex
                last edited by

                Update: 2.4.1 does no alerting on my system (2.0.1, amd64) also.  :-
                There seems to be no improvement from 2.4.0

                2.1-RELEASE (amd64)
                built on Wed Sep 11 18:17:48 EDT 2013
                FreeBSD 8.3-RELEASE-p11

                1 Reply Last reply Reply Quote 0
                • F
                  fragged
                  last edited by

                  I got Snort 2.4.2 working after I used pkg_delete to remove few of the Snort dependencies which were missing files and now Snort blocks my LAN machines which it didn't do before. I should have the same settings as before.. Whats going on? :)

                  Edit:
                  Actually.. it blocks my WAN address, even that should be whitelisted.

                  1 Reply Last reply Reply Quote 0
                  • E
                    eri--
                    last edited by

                    Reisntall to 2.4.2 and all should be ok.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.