    [SOLVED] Snort not starting after removal of Nmap

    pfSense Packages
    bman212121

      This is more of a comment than a question. I have snort 2.9.2.3 pkg v. 2.5.1 installed on my box, but it was broken. Looking in the log files showed no info. After cruising through some threads, I found the command to start snort from the shell.

      /usr/local/etc/rc.d/snort.sh start

      After running that I get this error message:

      pgrep: Pidfile `/var/run/snort_snip.pid' is empty
      /libexec/ld-elf.so.1: Shared object "libpcap.so.1" not found, required by "snort"

      So pcap is missing from my system. Tried reinstalling from the packages, didn't fix it. Tried pkg_delete -f snort* pcre* to delete snort first, that didn't work either. (Maybe I also needed pcap*??, or a complete uninstall / install.)

      I found some material referencing pcap being used by nmap. I installed nmap again and saw it install pcap.

      Ran:

      /usr/local/etc/rc.d/snort.sh start

      and everything starts up just fine again.

      Just a heads up to anyone else who might have this problem. Snort doesn't seem to install pcap, but it still relies on it to function. Once things get changed to PBIs this shouldn't be an issue, but maybe this post will help others sort out the issue quickly. If snort fails to start but doesn't give any warnings, trying to start from the shell should give you an idea what is broken.

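The failure described in the post (an IDS that silently does not run because a shared library went away with another package) can be caught before the service is started. The following is an added example, not part of the original post or of the pfSense Snort package: it assumes `ldd` is available on the box, the function names are hypothetical, and the sample `ldd` output and the `/path/to/snort` placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example: report shared libraries the runtime linker cannot resolve.

# Read ldd-style output on stdin; print the name of each unresolved library.
# Matches both "libX.so.N => not found" and "libX.so.N => not found (0)".
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Check one binary with ldd.
# Returns 0 if every library resolves, 1 if any is missing,
# 2 if the path is not an executable file.
check_binary() {
    bin=$1
    if [ ! -x "$bin" ] || [ -d "$bin" ]; then
        echo "not an executable file: $bin" >&2
        return 2
    fi
    missing=$(ldd "$bin" 2>/dev/null | missing_libs)
    if [ -n "$missing" ]; then
        echo "$bin will not start, unresolved libraries:" >&2
        echo "$missing"
        return 1
    fi
    return 0
}

# Constructed sample: what ldd might print for a snort binary after the
# package that supplied libpcap was removed. Path and addresses are made up.
sample_ldd_output() {
    cat <<'EOF'
/path/to/snort:
	libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x800a00000)
	libpcap.so.1 => not found (0)
	libc.so.7 => /lib/libc.so.7 (0x800c00000)
EOF
}

# Demo on the constructed sample; prints the one unresolved library name.
sample_ldd_output | missing_libs
```

On a live system, call `check_binary` with the real path of the snort executable after removing or upgrading any package, and treat a non-zero return as "the sensor is down".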