Last update killed snort



  • Updated today 5min ago and it killed Snort again.

    2.1-BETA1 (i386)
    built on Wed Apr 3 21:48:42 EDT 2013
    FreeBSD 8.3-RELEASE-p7

    Then I uninstalled Snort and re-installed, still no joy.

    Also, I'm getting a lot cpustats (almost every second):

    Apr 4 15:10:07 	kernel: pid 49780 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:10:06 	kernel: pid 31270 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:10:03 	kernel: pid 80006 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:10:01 	kernel: pid 46651 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:10:00 	kernel: pid 20873 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:59 	kernel: pid 5434 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:57 	kernel: pid 76350 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:55 	kernel: pid 61202 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:53 	kernel: pid 27059 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:48 	kernel: pid 38430 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:47 	kernel: pid 22141 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:46 	kernel: pid 4284 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:44 	kernel: pid 69727 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:43 	kernel: pid 50822 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:37 	kernel: pid 62116 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:36 	kernel: pid 44508 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:09:35 	kernel: pid 26926 (cpustats), uid 0: exited on signal 11 (core dumped)
    
    Apr 4 15:07:24 	php: /snort/snort_interfaces.php: Checking for and disabling any rules dependent upon disabled preprocessors for WAN1...
    Apr 4 15:07:24 	php: /snort/snort_interfaces.php: Could not find the libsf_dns_preproc file. Snort might error out!
    Apr 4 15:07:24 	php: /snort/snort_interfaces.php: Could not find the libsf_dce2_preproc file. Snort might error out!
    Apr 4 15:07:24 	php: /snort/snort_interfaces.php: Could not find the libsf_ssl_preproc file. Snort might error out!
    Apr 4 15:07:24 	php: /snort/snort_interfaces.php: Could not find the libsf_smtp_preproc file. Snort might error out!
    Apr 4 15:07:24 	php: /snort/snort_interfaces.php: Could not find the libsf_ftptelnet_preproc file. Snort might error out!
    Apr 4 15:07:24 	php: /snort/snort_interfaces.php: Toggle(snort starting) for WAN1(Protect LAN from WAN)...
    


  • I decided to shutdown/restart to see:

    Apr 4 15:14:24 	kernel: pid 20840 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:20 	kernel: pid 57851 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:19 	kernel: pid 23364 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:19 	php: /index.php: Successful login for user 'admin' from: 192.168.0.1
    Apr 4 15:14:19 	php: /index.php: Successful login for user 'admin' from: 192.168.0.1
    Apr 4 15:14:18 	kernel: pid 6044 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:13 	kernel: pid 22404 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:12 	kernel: pid 6876 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:11 	php: : The command '/usr/local/etc/rc.d/snort.sh stop' returned exit code '1', the output was 'usage: sleep seconds'
    Apr 4 15:14:11 	kernel: pid 89598 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:10 	kernel: pid 73175 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:08 	php: : Checking for and disabling any rules dependent upon disabled preprocessors for WAN1...
    Apr 4 15:14:08 	kernel: pid 56228 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:08 	php: : Could not find the libsf_dns_preproc file. Snort might error out!
    Apr 4 15:14:08 	php: : Could not find the libsf_dce2_preproc file. Snort might error out!
    Apr 4 15:14:08 	php: : Could not find the libsf_ssl_preproc file. Snort might error out!
    Apr 4 15:14:08 	php: : Could not find the libsf_smtp_preproc file. Snort might error out!
    Apr 4 15:14:08 	php: : Could not find the libsf_ftptelnet_preproc file. Snort might error out!
    Apr 4 15:14:07 	kernel: pid 40414 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:06 	kernel: pid 22324 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:05 	kernel: pid 3048 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:05 	sshlockout[5394]: sshlockout/webConfigurator v3.0 starting up
    Apr 4 15:14:05 	login: login on ttyv0 as root
    Apr 4 15:14:04 	php: : No pfBlocker action during boot process.
    Apr 4 15:14:04 	php: : No pfBlocker action during boot process.
    Apr 4 15:14:04 	php: : No pfBlocker action during boot process.
    Apr 4 15:14:04 	php: : No pfBlocker action during boot process.
    Apr 4 15:14:04 	php: : Restarting/Starting all packages.
    Apr 4 15:14:03 	kernel: pid 81660 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:02 	kernel: pid 64098 (cpustats), uid 0: exited on signal 11 (core dumped)
    Apr 4 15:14:01 	ntpd_intres[35614]: ntpd exiting on signal 15
    Apr 4 15:14:01 	check_reload_status: Starting packages
    


  • Apr 4 15:14:24 kernel: pid 20840 (cpustats), uid 0: exited on signal 11 (core dumped)

    Bad compiled Kernel?

    I'm really getting no cpustats at all:

    last pid: 72497;  load averages:     f,     f,     f    up 0+00:16:57  15:30:25
    37 processes:  1 running, 36 sleeping
    CPU:     % user,     % nice,     % system,     % interrupt,     % idle
    Mem: 27M Active, 9952K Inact, 143M Wired, 2396K Cache, 104M Buf, 3032M Free
    Swap: 8192M Total, 8192M Free
    


  • Solution: Do NOT use last update "built on Wed Apr 3 21:48:42 EDT 2013" is broken aka pfSense-Full-Update-2.1-BETA1-i386-20130403-2147.tgz.


Locked