Snort-2.8.6.1, cannot start (pfSense 1.2.3)
Bad installation? NIC related? Deprecated?
I have installed/removed/reset…
Global Settings/Rules:
-Install Snort.org rules (file download failed...)
-Install Emergingthreats rules (updated)
Preprocessors: enabled (all)
Barnyard2: disabled
Performance: ac-bnfa
pfSense 1.2.3-RELEASE (FreeBSD 7.2-RELEASE-p5 i386)
snort-2.8.6.1 pkg v. 1.35
TOGGLE START:
Warning: mkdir(/var/log/snort/snort_xl060421): No such file or directory in /etc/inc/pfsense-utils.inc on line 2149
Warning: mkdir(/var/log/snort/snort_xl060421/barnyard2): No such file or directory in /etc/inc/pfsense-utils.inc on line 2149
Warning: mkdir(/var/log/snort/snort_lan22990): No such file or directory in /etc/inc/pfsense-utils.inc on line 2149
Warning: mkdir(/var/log/snort/snort_lan22990/barnyard2): No such file or directory in /etc/inc/pfsense-utils.inc on line 2149
Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 129
Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 130
Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 131
Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 132
Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 133
Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 136
LOG:
Warning: filesize(): Stat failed for /tmp/snort_logs_2012-08-19-11-35-03.tar.gz (errno=2 - No such file or directory) in /usr/local/www/snort/snort_alerts.php on line 150
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_alerts.php:150) in /usr/local/www/snort/snort_alerts.php on line 150
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_alerts.php:150) in /usr/local/www/snort/snort_alerts.php on line 151
Warning: readfile(/tmp/snort_logs_2012-08-19-11-35-03.tar.gz): failed to open stream: No such file or directory in /usr/local/www/snort/snort_alerts.php on line 152
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_alerts.php:150) in /usr/local/www/snort/snort_alerts.php on line 156
SHELL:
snort
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/usr/local/etc/snort/snort.conf"
PortVar 'HTTP_PORTS' defined : [ 80 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1521 ]
Detection:
Search-Method = AC-BNFA-Q
ERROR: Unable to open rules file "/usr/local/etc/snort/./rules/local.rules": No such file or directory.
Fatal Error, Quitting..