Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort stays online for a while, then fails to start again…

    pfSense Packages
    3
    4
    1007
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mediumgrade last edited by

      Snort info:
      2.9.4.1
      pkg v. 2.5.5

      So, I can get Snort to start for a while, then it will refuse to start. When I look at the logs, I see this:

      /usr/local/etc/snort/snort_11942_bge0/preproc_rules/decoder.rules(1) Unknown ClassType: protocol-command-decode
      

      When I look into the /usr/local/etc/snort/snort_11942_bge0/ directory, I see that the classification.config is at 0 bytes. If I copy the version in /usr/local/etc/snort/ to the /usr/local/etc/snort/snort_11942_bge0/ directory, I can get it to start again. However, this file seems to go back to zero eventually and I have to do this all over again. I don't know enough about Snort to have any idea as to why this happens.

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • E
        eri-- last edited by

        You need to upgrade there is no other options to fix these issues.
        Install latest snort version and these should be fixed.

        1 Reply Last reply Reply Quote 0
        • bmeeks
          bmeeks last edited by

          Ermal is correct.  This was an issue in earlier versions caused by a logic problem in the automatic rules update code.  Under certain situations, the updating of the classification.config and reference.config files would result in empy, zero-length files.  Snort definitely did not like that and would dump on the first alert detection when it tried to read the classification and/or reference information from the files to include with the log message.

          The current 2.5.7 version of the Snort Package fixed this issue.

          Bill

          1 Reply Last reply Reply Quote 0
          • M
            mediumgrade last edited by

            So far so good. I'll let you know.

            Thanks!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy