Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort not working

    Scheduled Pinned Locked Moved pfSense Packages
    2 Posts 2 Posters 6.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pogey
      last edited by

      Hi

      snort not working in my pfsense. Im using PFsense 1.2 RC1. All porno sites was able to access. Here is my sys log. Can someone help me.

      Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7532 type=Limit tracking=src count=1 seconds=600
      Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7532 type=Limit tracking=src count=1 seconds=600
      Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=5946 type=Limit tracking=src count=1 seconds=600
      Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=5946 type=Limit tracking=src count=1 seconds=600
      Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7575 type=Limit tracking=src count=1 seconds=300
      Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7575 type=Limit tracking=src count=1 seconds=300
      Sep 19 15:47:54 snort[11014]: +–---------------------[suppression]–----------------------------------------
      Sep 19 15:47:54 snort[11014]: +–---------------------[suppression]–----------------------------------------
      Sep 19 15:47:54 snort[11014]: | none
      Sep 19 15:47:54 snort[11014]: | none
      Sep 19 15:47:54 snort[11014]: –-----------------------------------------------------------------------------
      Sep 19 15:47:54 snort[11014]: –-----------------------------------------------------------------------------
      Sep 19 15:47:54 snort[11014]: Rule application order: ->activation->dynamic->pass->drop->alert->log
      Sep 19 15:47:54 snort[11014]: Rule application order: ->activation->dynamic->pass->drop->alert->log
      Sep 19 15:47:54 snort[11014]: Log directory = /var/log/snort
      Sep 19 15:47:54 snort[11014]: Log directory = /var/log/snort
      Sep 19 15:47:54 snort[11014]: 301 out of 512 flowbits in use.
      Sep 19 15:47:54 snort[11014]: 301 out of 512 flowbits in use.
      Sep 19 15:47:54 snort[11014]: Initializing daemon mode
      Sep 19 15:47:54 snort[11014]: Initializing daemon mode
      Sep 19 15:47:54 snort[11015]: PID path stat checked out ok, PID path set to /var/run/
      Sep 19 15:47:54 snort[11015]: PID path stat checked out ok, PID path set to /var/run/
      Sep 19 15:47:54 snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
      Sep 19 15:47:54 snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
      Sep 19 15:47:55 snort[11014]: Child exited unexpectedly
      Sep 19 15:47:55 snort[11014]: Child exited unexpectedly
      Sep 19 15:47:56 snort[11014]: Daemon parent exiting
      Sep 19 15:47:56 snort[11014]: Daemon parent exiting
      Sep 19 15:48:13 SnortStartup[11051]: Ram free BEFORE starting Snort: 111M – Ram free AFTER starting Snort: 111M -- Mode ac-sparsebands -- Snort memory usage:
      Sep 19 15:48:16 dnsmasq[5154]: reading /var/dhcpd/var/db/dhcpd.leases
      Sep 19 15:48:17 kernel: tcp_output: inc sockbuf, old 65340, new 73532, sb_cc 61929, snd_wnd 65535, sendwnd 46464
      Sep 19 15:49:04 last message repeated 2 times
      Sep 19 15:49:20 kernel: ng0: promiscuous mode disabled

      1 Reply Last reply Reply Quote 0
      • S
        Slam
        last edited by

        Sep 19 15:47:54    snort[11015]: PID path stat checked out ok, PID path set to /var/run/
        Sep 19 15:47:54    snort[11015]: PID path stat checked out ok, PID path set to /var/run/
        Sep 19 15:47:54    snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
        Sep 19 15:47:54    snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
        

        Do you connect to the internet via PPoE?

        I am currently having the same error but on ath0 but I've set snort to listen on to bfe0 (WAN)

        Slam

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.