Help! MOST COMMON SNORT CONFIG FOR SNORT ON 2.0.3



  • Hi,

    I read about the Snort package and tried to deploy it on 2.0.3, hoping to increase my security. However, due to my limited knowledge of how to properly deploy and configure it, I was not able to run Snort. I still get a red X.

    I got WAN and LAN created, but I just don't understand all these check boxes. Please help me on this one.



  • So, your box isn't working and you want to know why?
    Everyone will need some posts of your current setup that's not doing what you want.
    Info about how each piece is set up.

    Did you select an interface in snort?



  • @kejianshi:

    So, your box isn't working and you want to know why?
    Everyone will need some posts of your current setup that's not doing what you want.
    Info about how each piece is set up.

    Did you select an interface in snort?

    As a whole my box is working fine, except for Snort. I wish to add Snort, which I already did, and I have already created interfaces for WAN and LAN. I already have an oink code and have entered it under the "global settings" tab, and have already updated the rules under the "Updates" tab by clicking "update rule".

    WAN Settings
    checked "Enable or Disable"
    checked "Send alerts to main System logs"
    Which IP to block "src"
    Search Method "AC-BNFA"
    checked "Search Optimize"
    checked "Checksum Check Disable"

    WAN Categories Tab
    checked Resolve Flowbits
    checked Use IPS policy
    IPS Policy "Connectivity"

    Select the rulesets Snort will load at startup
    checked the following:
    emerging botcc, dos, exploit, malware




  • Sorry if this is a silly question, but have you clicked on the red x to start snort ?



  • That's not a silly question…  And a "play button" would make better sense than a "red x" wouldn't it?



  • @Craigusoz:

    Sorry if this is a silly question, but have you clicked on the red x to start snort ?

    Craigusoz is correct.  Try clicking on the red X to start Snort on the interface.  You can also refer to this thread for some quick setup tips for Snort beginners.

    http://forum.pfsense.org/index.php/topic,61018.msg328717.html#msg328717



  • @bmeeks:

    @Craigusoz:

    Sorry if this is a silly question, but have you clicked on the red x to start snort ?

    Craigusoz is correct.  Try clicking on the red X to start Snort on the interface.  You can also refer to this thread for some quick setup tips for Snort beginners.

    http://forum.pfsense.org/index.php/topic,61018.msg328717.html#msg328717

    It could be a silly question, but the silliest part is that, prior to seeking help, I did try clicking the silly red X button. It says "snort has started", but when I checked on the services it says snort "stopped". So I thought I might have a wrong configuration, so here I am seeking help. By the way, I am not pfSense-savvy; that's why I am seeking help.



  • @onlineph:

    It could be a silly question, but the silliest part is that, prior to seeking help, I did try clicking the silly red X button. It says "snort has started", but when I checked on the services it says snort "stopped". So I thought I might have a wrong configuration, so here I am seeking help. By the way, I am not pfSense-savvy; that's why I am seeking help.

    Attempt to start Snort again (click the red X), then take a look at the system log to see what messages (if any) were printed out.  To see the log, choose Status…System Logs from the pfSense menu.  Post back with any messages that seem related to Snort.

    Also, did you take a look at the thread URL I posted in my first reply?  There are some specific steps you must do in a specific order to get a working Snort setup.

    Bill



  • @bmeeks:

    @onlineph:

    It could be a silly question, but the silliest part is that, prior to seeking help, I did try clicking the silly red X button. It says "snort has started", but when I checked on the services it says snort "stopped". So I thought I might have a wrong configuration, so here I am seeking help. By the way, I am not pfSense-savvy; that's why I am seeking help.

    Attempt to start Snort again (click the red X), then take a look at the system log to see what messages (if any) were printed out.  To see the log, choose Status…System Logs from the pfSense menu.  Post back with any messages that seem related to Snort.

    Also, did you take a look at the thread URL I posted in my first reply?  There are some specific steps you must do in a specific order to get a working Snort setup.
    Bill

    Hi, I followed your instructions exactly, but Snort failed to start. Here is the error in the system logs:

    Jul 20 16:06:20 snort[23827]: FATAL ERROR: /usr/local/etc/snort/snort_28645_em1/snort.conf(90) Unknown config directive: enable_gtp.
    Jul 20 16:06:20 snort[23827]: FATAL ERROR: /usr/local/etc/snort/snort_28645_em1/snort.conf(90) Unknown config directive: enable_gtp.



  • @onlineph:

    Jul 20 16:06:20 snort[23827]: FATAL ERROR: /usr/local/etc/snort/snort_28645_em1/snort.conf(90) Unknown config directive: enable_gtp.
    Jul 20 16:06:20 snort[23827]: FATAL ERROR: /usr/local/etc/snort/snort_28645_em1/snort.conf(90) Unknown config directive: enable_gtp.

    This line is the problem.  Perhaps you are missing a preprocessor dependency.  Go to the Preprocessors tab for the interface corresponding to em1 (WAN or LAN, I don't know which  on your box) and make sure the Frag3 and Stream5 preprocessors are both enabled (checked).  Click Save at the bottom of the page, and try starting Snort again.

    Report back if that doesn't work and include any system log output again.

    Bill
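
The triage Bill does by eye above, as an added example (not code from the pfSense Snort package or from anyone in this thread): it pulls the Snort FATAL ERROR entries out of a pasted system log, collapses the repeats, and names the interface and snort.conf line to look at. The sample log is constructed from lines posted in this thread; the function names and the "related missing library" hint are assumptions of the example, and that hint is only a name match, not proof of cause.

```python
import re

# Constructed sample, modelled on the system-log lines posted in this thread.
# pfSense lists newest entries first and Snort's own messages appear twice.
SAMPLE_LOG = """\
Jul 22 00:38:27 php: /snort/snort_preprocessors.php: Could not find the libsf_gtp_preproc file. Snort might error out!
Jul 22 00:38:27 php: /snort/snort_preprocessors.php: Could not find the libsf_sip_preproc file. Snort might error out!
Jul 22 00:30:47 snort[61987]: FATAL ERROR: /usr/local/etc/snort/snort_38398_em1/snort.conf(90) Unknown config directive: enable_gtp.
Jul 22 00:30:47 snort[61987]: FATAL ERROR: /usr/local/etc/snort/snort_38398_em1/snort.conf(90) Unknown config directive: enable_gtp.
Jul 22 00:30:47 snort[61987]: [ 2123 2152 3386 ]
Jul 22 00:30:47 snort[61987]: PortVar 'GTP_PORTS' defined :
Jul 22 00:30:47 snort[61987]: Initializing Preprocessors!
Jul 22 00:30:21 snort[43280]: FATAL ERROR: /usr/local/etc/snort/snort_38398_em1/snort.conf(90) Unknown config directive: enable_gtp.
Jul 22 00:30:21 snort[43280]: FATAL ERROR: /usr/local/etc/snort/snort_38398_em1/snort.conf(90) Unknown config directive: enable_gtp.
"""

# "Mon DD HH:MM:SS process[pid]: message" (the pid is optional, e.g. "php:")
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<proc>[^\s:\[]+)"
    r"(?:\[(?P<pid>\d+)\])?:\s?(?P<msg>.*)$"
)
FATAL_RE = re.compile(r"FATAL ERROR: (?P<conf>\S+)\((?P<line>\d+)\)\s+(?P<reason>.+)$")
DIRECTIVE_RE = re.compile(r"Unknown config directive: (?P<name>\w+)")
MISSING_LIB_RE = re.compile(r"Could not find the libsf_(?P<short>\w+?)_preproc file")
# Per-interface config directory as it appears in the thread: snort_<id>_<ifname>
IFACE_RE = re.compile(r"/snort_\d+_(?P<iface>\w+)/snort\.conf$")


def triage(log_text):
    """Return (findings, missing_libs) for a pasted pfSense system log."""
    fatals = {}    # (conf, line, reason) -> set of Snort pids that hit it
    missing = []   # short names of preprocessor libraries reported missing
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        fatal = FATAL_RE.search(msg)
        if fatal and m["proc"] == "snort":
            key = (fatal["conf"], int(fatal["line"]), fatal["reason"].rstrip("."))
            fatals.setdefault(key, set()).add(m["pid"])
            continue
        lib = MISSING_LIB_RE.search(msg)
        if lib and lib["short"] not in missing:
            missing.append(lib["short"])

    findings = []
    for (conf, line, reason), pids in fatals.items():
        directive = DIRECTIVE_RE.search(reason)
        name = directive["name"] if directive else None
        iface = IFACE_RE.search(conf)
        # Assumption of this example: a missing libsf_<x>_preproc library whose
        # <x> appears in the rejected directive's name is worth checking first.
        related = [s for s in missing if name and s in name.lower().split("_")]
        findings.append({
            "interface": iface["iface"] if iface else None,
            "conf": conf,
            "conf_line": line,
            "reason": reason,
            "directive": name,
            "start_attempts": len(pids),   # distinct Snort pids, not log lines
            "related_missing_libs": related,
        })
    return findings, missing


if __name__ == "__main__":
    found, missing_libs = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['interface']}: {f['conf']} line {f['conf_line']}: {f['reason']}")
        print(f"  failed start attempts: {f['start_attempts']}")
        if f["related_missing_libs"]:
            print(f"  missing library with a matching name: {f['related_missing_libs']}")
    print("preprocessor libraries reported missing:", missing_libs)
```
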



  • @bmeeks:

    @onlineph:

    Jul 20 16:06:20 snort[23827]: FATAL ERROR: /usr/local/etc/snort/snort_28645_em1/snort.conf(90) Unknown config directive: enable_gtp.
    Jul 20 16:06:20 snort[23827]: FATAL ERROR: /usr/local/etc/snort/snort_28645_em1/snort.conf(90) Unknown config directive: enable_gtp.

    This line is the problem.  Perhaps you are missing a preprocessor dependency.  Go to the Preprocessors tab for the interface corresponding to em1 (WAN or LAN, I don't know which  on your box) and make sure the Frag3 and Stream5 preprocessors are both enabled (checked).  Click Save at the bottom of the page, and try starting Snort again.

    Report back if that doesn't work and include any system log output again.

    Bill

    I uninstalled Snort thinking I could no longer use it, but when you replied I installed it again and followed your instructions plus your new instruction; when I checked, Frag3 and Stream5 are checked by default.

    Anyway here is the syslog:

    Jul 22 00:38:28 check_reload_status: Syncing firewall
    Jul 22 00:38:28 php: /snort/snort_preprocessors.php: [Snort] Building new sig-msg.map file for WAN…
    Jul 22 00:38:28 php: /snort/snort_preprocessors.php: [Snort] Enabling any flowbit-required rules for: WAN…
    Jul 22 00:38:27 php: /snort/snort_preprocessors.php: [Snort] Updating rules configuration for: WAN …
    Jul 22 00:38:27 php: /snort/snort_preprocessors.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
    Jul 22 00:38:27 php: /snort/snort_preprocessors.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Jul 22 00:38:27 php: /snort/snort_preprocessors.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Jul 22 00:38:27 php: /snort/snort_preprocessors.php: Could not find the libsf_gtp_preproc file. Snort might error out!
    Jul 22 00:38:27 php: /snort/snort_preprocessors.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Jul 22 00:30:47 snort[61987]: FATAL ERROR: /usr/local/etc/snort/snort_38398_em1/snort.conf(90) Unknown config directive: enable_gtp.
    Jul 22 00:30:47 snort[61987]: FATAL ERROR: /usr/local/etc/snort/snort_38398_em1/snort.conf(90) Unknown config directive: enable_gtp.
    Jul 22 00:30:47 snort[61987]: Parsing Rules file "/usr/local/etc/snort/snort_38398_em1/snort.conf"
    Jul 22 00:30:47 snort[61987]: Parsing Rules file "/usr/local/etc/snort/snort_38398_em1/snort.conf"
    Jul 22 00:30:47 snort[61987]: Initializing Plug-ins!
    Jul 22 00:30:47 snort[61987]: Initializing Plug-ins!
    Jul 22 00:30:47 snort[61987]: Initializing Preprocessors!
    Jul 22 00:30:47 snort[61987]: Initializing Preprocessors!
    Jul 22 00:30:47 snort[61987]: Initializing Output Plugins!
    Jul 22 00:30:47 snort[61987]: Initializing Output Plugins!
    Jul 22 00:30:47 snort[61987]: --== Initializing Snort ==--
    Jul 22 00:30:47 snort[61987]: --== Initializing Snort ==--
    Jul 22 00:30:47 snort[61987]:
    Jul 22 00:30:47 snort[61987]:
    Jul 22 00:30:47 snort[61987]: Running in IDS mode
    Jul 22 00:30:47 snort[61987]: Running in IDS mode
    Jul 22 00:30:47 snort[61987]: Found pid path directive (/var/run)
    Jul 22 00:30:47 snort[61987]: Found pid path directive (/var/run)
    Jul 22 00:30:47 SnortStartup[61759]: Snort START for Internet(38398_em1)…
    Jul 22 00:30:21 snort[43280]: FATAL ERROR: /usr/local/etc/snort/snort_38398_em1/snort.conf(90) Unknown config directive: enable_gtp.
    Jul 22 00:30:21 snort[43280]: FATAL ERROR: /usr/local/etc/snort/snort_38398_em1/snort.conf(90) Unknown config directive: enable_gtp.
    Jul 22 00:30:21 snort[43280]: --== Initializing Snort ==--
    Jul 22 00:30:21 snort[43280]: --== Initializing Snort ==--
    Jul 22 00:30:21 snort[43280]:
    Jul 22 00:30:21 snort[43280]:
    Jul 22 00:30:21 snort[43280]: Running in IDS mode
    Jul 22 00:30:21 snort[43280]: Running in IDS mode
    Jul 22 00:30:21 snort[43280]: Found pid path directive (/var/run)
    Jul 22 00:30:21 snort[43280]: Found pid path directive (/var/run)
    Jul 22 00:30:21 php: /snort/snort_interfaces.php: [Snort] Snort START for Internet(em1)…
    Jul 22 00:30:21 php: /snort/snort_interfaces.php: [Snort] Building new sig-msg.map file for WAN…
    Jul 22 00:30:21 php: /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: WAN…
    Jul 22 00:30:20 php: /snort/snort_interfaces.php: [Snort] Updating rules configuration for: WAN …
    Jul 22 00:30:20 php: /snort/snort_interfaces.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
    Jul 22 00:30:20 php: /snort/snort_interfaces.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Jul 22 00:30:20 php: /snort/snort_interfaces.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Jul 22 00:30:20 php: /snort/snort_interfaces.php: Could not find the libsf_gtp_preproc file. Snort might error out!
    Jul 22 00:30:20 php: /snort/snort_interfaces.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Jul 22 00:30:20 php: /snort/snort_interfaces.php: Toggle (snort starting) for WAN(Internet)…
    Jul 22 00:29:30 check_reload_status: Syncing firewall
    Jul 22 00:29:30 php: /snort/snort_rulesets.php: [Snort] Building new sig-msg.map file for WAN…
    Jul 22 00:29:29 php: /snort/snort_rulesets.php: [Snort] Enabling any flowbit-required rules for: WAN…
    Jul 22 00:29:29 php: /snort/snort_rulesets.php: [Snort] Updating rules configuration for: WAN …
    Jul 22 00:29:29 php: /snort/snort_rulesets.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
    Jul 22 00:29:29 php: /snort/snort_rulesets.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Jul 22 00:29:29 php: /snort/snort_rulesets.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Jul 22 00:29:29 php: /snort/snort_rulesets.php: Could not find the libsf_gtp_preproc file. Snort might error out!
    Jul 22 00:29:29 php: /snort/snort_rulesets.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Jul 22 00:28:38 check_reload_status: Syncing firewall
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: [Snort] Building new sig-msg.map file for WAN…
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: [Snort] Warning - no text rules selected for: WAN …
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: [Snort] Updating rules configuration for: WAN …
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_gtp_preproc file. Snort might error out!
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_sip_preproc file. Snort might error out!



  • This may be a stupid question.  Did you get one of those snort accounts online?

    An "Oinkcode"?



  • @onlineph:

    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_gtp_preproc file. Snort might error out!
    Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_sip_preproc file. Snort might error out!

    These error messages indicate something is seriously wrong with your Snort binary installation.  It looks like an entire library directory may be missing.  See if you have the directory /usr/local/lib/snort/dynamicpreprocessor and if it contains the files flagged as missing in the system log entries (libsf_pop_preproc*, for example).  Have you downloaded a rule set, and if so which ones (Snort VRT or Emerging Threats or both)?

    Try this to completely remove Snort and start over.

    Go to System…Packages and then the Installed Packages tab.  Click the X beside Snort to remove it.
    Get to a console prompt and run these commands:

    rm -rf /usr/local/lib/snort
    rm -rf /usr/local/etc/snort
    

    The second command above might produce an error if the package removal properly removed that directory.  If it does, that's OK.
    Reboot the firewall and then try to install Snort again.

    Bill
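
The directory check described in the reply above, as an added example that is not part of the original post or of the Snort package: it extracts the library names from the "Could not find" warnings and reports which ones have no matching file in the dynamic preprocessor directory. The function names and the sample log variable are hypothetical; the sample lines are constructed in the form of the quoted log.

```shell
#!/bin/sh
# Added example: cross-check "Could not find the libsf_*_preproc file"
# warnings against the dynamic preprocessor directory named in the post.

# Constructed sample in the same form as the quoted system log lines.
SAMPLE_LOG='Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_imap_preproc file. Snort might error out!
Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_pop_preproc file. Snort might error out!
Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_gtp_preproc file. Snort might error out!
Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_sip_preproc file. Snort might error out!
Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_imap_preproc file. Snort might error out!'

# Print each library name flagged in the log text on stdin, once, sorted.
flagged_libs() {
    sed -n 's/.*Could not find the \(libsf_[a-z0-9_]*_preproc\) file.*/\1/p' |
        sort -u
}

# For each library name on stdin print "present NAME" or "missing NAME",
# depending on whether DIR holds a file whose name starts with NAME.
check_preproc_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "no-directory $dir"
    fi
    while IFS= read -r lib; do
        [ -n "$lib" ] || continue
        state=missing
        for f in "$dir/$lib"*; do
            if [ -e "$f" ]; then
                state=present
                break
            fi
        done
        echo "$state $lib"
    done
}

# Demo: sample log against the directory from the post (override with $1).
# On the firewall, pipe the real system log text into flagged_libs instead.
printf '%s\n' "$SAMPLE_LOG" | flagged_libs |
    check_preproc_dir "${1:-/usr/local/lib/snort/dynamicpreprocessor}"
```

A `no-directory` line followed by every library reported as `missing` matches the "entire library directory may be missing" case; a mix of `present` and `missing` points to a partial install instead.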