Snort 2.9.2.3 pkg v. 2.5.4 - Service Start

pfSense Packages
Log in to reply
  • S

    Hello

    I have a problem with the snort service

    Snort is accessible
    Apparently enabled on the wan with rules …etc

    BUT the service appears stopped. I'm unable to start it via the gui but ssh snort fires the service ...

    Any idea what is happening ?

    0
  • E

    You have to provide a bit more information and some logs.

    0
  • S

    Yes what kind of info ?
    the Syslog ??

    Thanks

    0
  • E

    Yep syslog and ps -ax | grep snort

    0
  • S

    grep returns nothing

    and the syslog is clear from anything related to snort

    0
  • S

    I started snort with ssh shell
    grep command returns

    26151  0- S+    0:00.26 snort

    0
  • bmeeks

    @ermal:

    Yep syslog and ps -ax | grep snort

    Ermal:

    I had a problem starting Snort on one of my virtual machines I use for testing, and the system log was empty of any useful messages.  Nothing gave me any clue why it was failing to start.  I did the standard remove/install and it started working, but I think the change you made a couple of days back to slience some of Snort's log spamming may have went a bit too far.  It appears to more or less have completely silenced Snort other than messages from the Rules Update.

    I agree the former state was probably too much noise, but I think now we have the opposite – too little information about failures. Is there perhaps a middle ground?

    0
  • S
    Banned

    I agree to the above stated! We dont have a clue when it goes down!

    0
  • C

    Dont know if this is related but noticed my lan alert interface wont start. It uses the default home netlist (my others use a custom)

    
Jan 30 14:40:56 	snort[62809]: FATAL ERROR: /usr/local/etc/snort/snort_5622_em2/snort.conf(220) => Invalid ip_list to 'ignore_scanners' option.

    snort.conf line 220, only a snip of it. the subnet is wrong for pfsense lan IP.

    
var HOME_NET [127.0.0.1,192.168.0.1,/,68.172.xx.xx]
    0
  • S

    I don't have a bad start or anything else.

    I'm unable to start snort via the GUI.
    Everything is fine with a terminal start.

    When I stop snort via the GUI … PFsense become unresponsive

    0
  • D

    Sometimes it looks like it isn't started when it actually is, also. I found the icon in "services" to be the correct one, regardless of whether or not the icon in "interfaces" is correct. I think supermule and I discussed this in a previous thread with someone else who fixed this issue, but none of the changes have been pushed into the package yet.

    0
  • S

    The icon in service is red for me unless I start snort in terminal

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy