Snort 2.9.2.3 pkg v. 2.5.4 - Service Start
-
Hello
I have a problem with the snort service
Snort is accessible
Apparently enabled on the wan with rules …etcBUT the service appears stopped. I'm unable to start it via the gui but ssh snort fires the service ...
Any idea what is happening ?
-
You have to provide a bit more information and some logs.
-
Yes what kind of info ?
the Syslog ??Thanks
-
Yep syslog and ps -ax | grep snort
-
grep returns nothing
and the syslog is clear from anything related to snort
-
I started snort with ssh shell
grep command returns26151 0- S+ 0:00.26 snort
-
@ermal:
Yep syslog and ps -ax | grep snort
Ermal:
I had a problem starting Snort on one of my virtual machines I use for testing, and the system log was empty of any useful messages. Nothing gave me any clue why it was failing to start. I did the standard remove/install and it started working, but I think the change you made a couple of days back to slience some of Snort's log spamming may have went a bit too far. It appears to more or less have completely silenced Snort other than messages from the Rules Update.
I agree the former state was probably too much noise, but I think now we have the opposite – too little information about failures. Is there perhaps a middle ground?
-
I agree to the above stated! We dont have a clue when it goes down!
-
Dont know if this is related but noticed my lan alert interface wont start. It uses the default home netlist (my others use a custom)
Jan 30 14:40:56 snort[62809]: FATAL ERROR: /usr/local/etc/snort/snort_5622_em2/snort.conf(220) => Invalid ip_list to 'ignore_scanners' option.snort.conf line 220, only a snip of it. the subnet is wrong for pfsense lan IP.
var HOME_NET [127.0.0.1,192.168.0.1,/,68.172.xx.xx] -
I don't have a bad start or anything else.
I'm unable to start snort via the GUI.
Everything is fine with a terminal start.When I stop snort via the GUI … PFsense become unresponsive
-
Sometimes it looks like it isn't started when it actually is, also. I found the icon in "services" to be the correct one, regardless of whether or not the icon in "interfaces" is correct. I think supermule and I discussed this in a previous thread with someone else who fixed this issue, but none of the changes have been pushed into the package yet.
-
The icon in service is red for me unless I start snort in terminal
