Snort with all my rules enabled not starting
-
Hi!
I have manually enabled all rules, and Snort is not starting.
How can I add more memory to the Snort config? I have 8GB.
P.S.: Snort is starting "only" with default rules or with minor modifications.
-
Which pfSense version are you running (2.0.X or 2.1?)? Are you running 32 or 64 bit?
-
2.1 on x64
-
It has worked on my 8GB config. Takes about 55% RAM once it has started. Not on v2.1 now but have installed and started it many times on that version. Do a clean install of pfSense and then install Snort first.
-
Have you enabled all (disabled rules) in all categories?
-
Any help, suggestions?
Or where is the Snort config file?
-
Post any Snort messages from the system log. I suspect you need to enable one or more preprocessors if you have enabled every single rule.
Depending on the power of your hardware, it can take Snort up to a minute or more to start up if you enable all the rules. Are you sure you are waiting long enough?
By the way, it is never a good idea to enable and run all the rules. You will likely get a lot of false positives. You should pick only the rules necessary to cover your environment.