Snort not working



  • Hi

    snort not working in my pfsense. Im using PFsense 1.2 RC1. All porno sites was able to access. Here is my sys log. Can someone help me.

    Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7532 type=Limit tracking=src count=1 seconds=600
    Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7532 type=Limit tracking=src count=1 seconds=600
    Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=5946 type=Limit tracking=src count=1 seconds=600
    Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=5946 type=Limit tracking=src count=1 seconds=600
    Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7575 type=Limit tracking=src count=1 seconds=300
    Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7575 type=Limit tracking=src count=1 seconds=300
    Sep 19 15:47:54 snort[11014]: +–---------------------[suppression]–----------------------------------------
    Sep 19 15:47:54 snort[11014]: +–---------------------[suppression]–----------------------------------------
    Sep 19 15:47:54 snort[11014]: | none
    Sep 19 15:47:54 snort[11014]: | none
    Sep 19 15:47:54 snort[11014]: –-----------------------------------------------------------------------------
    Sep 19 15:47:54 snort[11014]: –-----------------------------------------------------------------------------
    Sep 19 15:47:54 snort[11014]: Rule application order: ->activation->dynamic->pass->drop->alert->log
    Sep 19 15:47:54 snort[11014]: Rule application order: ->activation->dynamic->pass->drop->alert->log
    Sep 19 15:47:54 snort[11014]: Log directory = /var/log/snort
    Sep 19 15:47:54 snort[11014]: Log directory = /var/log/snort
    Sep 19 15:47:54 snort[11014]: 301 out of 512 flowbits in use.
    Sep 19 15:47:54 snort[11014]: 301 out of 512 flowbits in use.
    Sep 19 15:47:54 snort[11014]: Initializing daemon mode
    Sep 19 15:47:54 snort[11014]: Initializing daemon mode
    Sep 19 15:47:54 snort[11015]: PID path stat checked out ok, PID path set to /var/run/
    Sep 19 15:47:54 snort[11015]: PID path stat checked out ok, PID path set to /var/run/
    Sep 19 15:47:54 snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
    Sep 19 15:47:54 snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
    Sep 19 15:47:55 snort[11014]: Child exited unexpectedly
    Sep 19 15:47:55 snort[11014]: Child exited unexpectedly
    Sep 19 15:47:56 snort[11014]: Daemon parent exiting
    Sep 19 15:47:56 snort[11014]: Daemon parent exiting
    Sep 19 15:48:13 SnortStartup[11051]: Ram free BEFORE starting Snort: 111M – Ram free AFTER starting Snort: 111M -- Mode ac-sparsebands -- Snort memory usage:
    Sep 19 15:48:16 dnsmasq[5154]: reading /var/dhcpd/var/db/dhcpd.leases
    Sep 19 15:48:17 kernel: tcp_output: inc sockbuf, old 65340, new 73532, sb_cc 61929, snd_wnd 65535, sendwnd 46464
    Sep 19 15:49:04 last message repeated 2 times
    Sep 19 15:49:20 kernel: ng0: promiscuous mode disabled



  • Sep 19 15:47:54    snort[11015]: PID path stat checked out ok, PID path set to /var/run/
    Sep 19 15:47:54    snort[11015]: PID path stat checked out ok, PID path set to /var/run/
    Sep 19 15:47:54    snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
    Sep 19 15:47:54    snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
    

    Do you connect to the internet via PPoE?

    I am currently having the same error but on ath0 but I've set snort to listen on to bfe0 (WAN)

    Slam


Log in to reply