Snort not working

pogey

Hi

snort not working in my pfsense. Im using PFsense 1.2 RC1. All porno sites was able to access. Here is my sys log. Can someone help me.

Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7532 type=Limit tracking=src count=1 seconds=600
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7532 type=Limit tracking=src count=1 seconds=600
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=5946 type=Limit tracking=src count=1 seconds=600
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=5946 type=Limit tracking=src count=1 seconds=600
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7575 type=Limit tracking=src count=1 seconds=300
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7575 type=Limit tracking=src count=1 seconds=300
Sep 19 15:47:54 snort[11014]: +–---------------------[suppression]–----------------------------------------
Sep 19 15:47:54 snort[11014]: +–---------------------[suppression]–----------------------------------------
Sep 19 15:47:54 snort[11014]: | none
Sep 19 15:47:54 snort[11014]: | none
Sep 19 15:47:54 snort[11014]: –-----------------------------------------------------------------------------
Sep 19 15:47:54 snort[11014]: –-----------------------------------------------------------------------------
Sep 19 15:47:54 snort[11014]: Rule application order: ->activation->dynamic->pass->drop->alert->log
Sep 19 15:47:54 snort[11014]: Rule application order: ->activation->dynamic->pass->drop->alert->log
Sep 19 15:47:54 snort[11014]: Log directory = /var/log/snort
Sep 19 15:47:54 snort[11014]: Log directory = /var/log/snort
Sep 19 15:47:54 snort[11014]: 301 out of 512 flowbits in use.
Sep 19 15:47:54 snort[11014]: 301 out of 512 flowbits in use.
Sep 19 15:47:54 snort[11014]: Initializing daemon mode
Sep 19 15:47:54 snort[11014]: Initializing daemon mode
Sep 19 15:47:54 snort[11015]: PID path stat checked out ok, PID path set to /var/run/
Sep 19 15:47:54 snort[11015]: PID path stat checked out ok, PID path set to /var/run/
Sep 19 15:47:54 snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
Sep 19 15:47:54 snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
Sep 19 15:47:55 snort[11014]: Child exited unexpectedly
Sep 19 15:47:55 snort[11014]: Child exited unexpectedly
Sep 19 15:47:56 snort[11014]: Daemon parent exiting
Sep 19 15:47:56 snort[11014]: Daemon parent exiting
Sep 19 15:48:13 SnortStartup[11051]: Ram free BEFORE starting Snort: 111M – Ram free AFTER starting Snort: 111M -- Mode ac-sparsebands -- Snort memory usage:
Sep 19 15:48:16 dnsmasq[5154]: reading /var/dhcpd/var/db/dhcpd.leases
Sep 19 15:48:17 kernel: tcp_output: inc sockbuf, old 65340, new 73532, sb_cc 61929, snd_wnd 65535, sendwnd 46464
Sep 19 15:49:04 last message repeated 2 times
Sep 19 15:49:20 kernel: ng0: promiscuous mode disabled

Slam

Sep 19 15:47:54    snort[11015]: PID path stat checked out ok, PID path set to /var/run/
Sep 19 15:47:54    snort[11015]: PID path stat checked out ok, PID path set to /var/run/
Sep 19 15:47:54    snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
Sep 19 15:47:54    snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"

Do you connect to the internet via PPoE?

I am currently having the same error but on ath0 but I've set snort to listen on to bfe0 (WAN)

Slam