Snort not working
-
Hi
snort not working in my pfsense. Im using PFsense 1.2 RC1. All porno sites was able to access. Here is my sys log. Can someone help me.
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7532 type=Limit tracking=src count=1 seconds=600
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7532 type=Limit tracking=src count=1 seconds=600
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=5946 type=Limit tracking=src count=1 seconds=600
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=5946 type=Limit tracking=src count=1 seconds=600
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7575 type=Limit tracking=src count=1 seconds=300
Sep 19 15:47:54 snort[11014]: | gen-id=1 sig-id=7575 type=Limit tracking=src count=1 seconds=300
Sep 19 15:47:54 snort[11014]: +–---------------------[suppression]–----------------------------------------
Sep 19 15:47:54 snort[11014]: +–---------------------[suppression]–----------------------------------------
Sep 19 15:47:54 snort[11014]: | none
Sep 19 15:47:54 snort[11014]: | none
Sep 19 15:47:54 snort[11014]: –-----------------------------------------------------------------------------
Sep 19 15:47:54 snort[11014]: –-----------------------------------------------------------------------------
Sep 19 15:47:54 snort[11014]: Rule application order: ->activation->dynamic->pass->drop->alert->log
Sep 19 15:47:54 snort[11014]: Rule application order: ->activation->dynamic->pass->drop->alert->log
Sep 19 15:47:54 snort[11014]: Log directory = /var/log/snort
Sep 19 15:47:54 snort[11014]: Log directory = /var/log/snort
Sep 19 15:47:54 snort[11014]: 301 out of 512 flowbits in use.
Sep 19 15:47:54 snort[11014]: 301 out of 512 flowbits in use.
Sep 19 15:47:54 snort[11014]: Initializing daemon mode
Sep 19 15:47:54 snort[11014]: Initializing daemon mode
Sep 19 15:47:54 snort[11015]: PID path stat checked out ok, PID path set to /var/run/
Sep 19 15:47:54 snort[11015]: PID path stat checked out ok, PID path set to /var/run/
Sep 19 15:47:54 snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
Sep 19 15:47:54 snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
Sep 19 15:47:55 snort[11014]: Child exited unexpectedly
Sep 19 15:47:55 snort[11014]: Child exited unexpectedly
Sep 19 15:47:56 snort[11014]: Daemon parent exiting
Sep 19 15:47:56 snort[11014]: Daemon parent exiting
Sep 19 15:48:13 SnortStartup[11051]: Ram free BEFORE starting Snort: 111M – Ram free AFTER starting Snort: 111M -- Mode ac-sparsebands -- Snort memory usage:
Sep 19 15:48:16 dnsmasq[5154]: reading /var/dhcpd/var/db/dhcpd.leases
Sep 19 15:48:17 kernel: tcp_output: inc sockbuf, old 65340, new 73532, sb_cc 61929, snd_wnd 65535, sendwnd 46464
Sep 19 15:49:04 last message repeated 2 times
Sep 19 15:49:20 kernel: ng0: promiscuous mode disabled -
Sep 19 15:47:54 snort[11015]: PID path stat checked out ok, PID path set to /var/run/ Sep 19 15:47:54 snort[11015]: PID path stat checked out ok, PID path set to /var/run/ Sep 19 15:47:54 snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015" Sep 19 15:47:54 snort[11015]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_ng0.pid" for PID "11015"
Do you connect to the internet via PPoE?
I am currently having the same error but on ath0 but I've set snort to listen on to bfe0 (WAN)
Slam