Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort-2.8.6.1, cannot start (pfSense 1.2.3)

    pfSense Packages
    1
    1
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dubnium
      last edited by

      Bad installation? NIC related? Deprecated?
      I have installed/removed/reset…

      Global Settings/Rules:
      -Install Snort.org rules (file downloaded failed...)
      -Install Emergingthreats rules (updated)

      Preprocessors: enabled (all)
      Barnyard2: disabled
      Performance: ac-bnfa

      pfSense 1.2.3-RELEASE (FreeBSD 7.2-RELEASE-p5 i386)
      snort-2.8.6.1 pkg v. 1.35

      TOGGLE START:

      Warning: mkdir(/var/log/snort/snort_xl060421): No such file or directory in /etc/inc/pfsense-utils.inc on line 2149 Warning: mkdir(/var/log/snort/snort_xl060421/barnyard2): No such file or directory in /etc/inc/pfsense-utils.inc on line 2149 Warning: mkdir(/var/log/snort/snort_lan22990): No such file or directory in /etc/inc/pfsense-utils.inc on line 2149 Warning: mkdir(/var/log/snort/snort_lan22990/barnyard2): No such file or directory in /etc/inc/pfsense-utils.inc on line 2149 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 129 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 130 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 131 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 132 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 133 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:2149) in /usr/local/www/snort/snort_interfaces.php on line 136

      LOG:

      Warning: filesize(): Stat failed for /tmp/snort_logs_2012-08-19-11-35-03.tar.gz (errno=2 - No such file or directory) in /usr/local/www/snort/snort_alerts.php on line 150

      Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_alerts.php:150) in /usr/local/www/snort/snort_alerts.php on line 150

      Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_alerts.php:150) in /usr/local/www/snort/snort_alerts.php on line 151

      Warning: readfile(/tmp/snort_logs_2012-08-19-11-35-03.tar.gz): failed to open stream: No such file or directory in /usr/local/www/snort/snort_alerts.php on line 152

      Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_alerts.php:150) in /usr/local/www/snort/snort_alerts.php on line 156

      SHELL:

      snort

      Running in IDS mode

      –== Initializing Snort ==--
      Initializing Output Plugins!
      Initializing Preprocessors!
      Initializing Plug-ins!
      Parsing Rules file "/usr/local/etc/snort/snort.conf"
      PortVar 'HTTP_PORTS' defined :  [ 80 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ]
      PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
      PortVar 'ORACLE_PORTS' defined :  [ 1521 ]
      Detection:
        Search-Method = AC-BNFA-Q
      ERROR: Unable to open rules file "/usr/local/etc/snort/./rules/local.rules": No such file or directory.
      Fatal Error, Quitting..

      1 Reply Last reply Reply Quote 0
      • First post
        Last post