Netgate Discussion Forum

Snort cannot start

  • A
    asphyx
    last edited by Apr 12, 2014, 12:23 PM

    After updating today to 2.1.2-RELEASE (i386), my Snort package cannot start!
    In the system logs I have some error messages:

    Apr 12 14:54:06	snort[87727]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
    Apr 12 14:54:05	SnortStartup[87478]: Snort START for WAN(37769_xl0)...
    Apr 12 14:54:01	php: servicewatchdog_cron.php: Service Watchdog detected service snort stopped. Restarting snort (Snort IDS/IPS Daemon)
    Apr 12 14:53:56	snort[61180]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
    Apr 12 14:53:55	SnortStartup[60890]: Snort START for WAN(37769_xl0)...
    Apr 12 14:53:37	snort[56100]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
    Apr 12 14:53:36	SnortStartup[56078]: Snort START for WAN(37769_xl0)...
    Apr 12 14:53:06	snort[32694]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
    Apr 12 14:53:05	SnortStartup[32677]: Snort START for WAN(37769_xl0)...
    Apr 12 14:53:01	php: servicewatchdog_cron.php: Service Watchdog detected service snort stopped. Restarting snort (Snort IDS/IPS Daemon)
    Apr 12 14:52:58	php: /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 37769 -D -q -l /var/log/snort/snort_xl037769 --pid-path /var/run --nolock-pidfile -G 37769 -c /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/snort.conf -i xl0' returned exit code '1', the output was ''
    Apr 12 14:52:58	snort[28863]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
    Apr 12 14:52:57	php: /snort/snort_interfaces.php: [Snort] Snort START for WAN(xl0)...
    Apr 12 14:52:56	check_reload_status: Syncing firewall
    Apr 12 14:52:53	check_reload_status: Syncing firewall
    

    Any suggestions ?

    • A
      asphyx
      last edited by Apr 12, 2014, 1:29 PM

      So I discovered the problem by myself in line 425 with:
      ee /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules

      
      alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA Credit Card Numbers"; metadata:s
      
      

      So in the respective menu: Snort --> Snort interfaces --> Edit Snort interface mapping --> Wan preprocs

      I ticked Enable "Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data.
      Note: To enable this preprocessor, you must select the Snort VRT rules on the Global Settings tab."

      And now everything is fine, Snort is running fine!

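Added example, not part of the thread and not pfSense or Snort package code: a pre-flight check for the failure described above, where an active rule uses `sd_pattern` while the `sensitive_data` preprocessor is not loaded. The function names, the option-to-preprocessor table, and the sample rules and conf text are assumptions made for illustration.

```python
import re

# Rule options that exist only when a Snort 2.x preprocessor is loaded.
# Only the pairing from this thread is listed; extend as needed.
OPTION_NEEDS = {"sd_pattern": "sensitive_data"}

FATAL_RE = re.compile(
    r"snort\[\d+\]: FATAL ERROR: (?P<path>\S+)\((?P<line>\d+)\) "
    r"Unknown rule option: '(?P<opt>[^']+)'")

def unknown_option_errors(log_text):
    """De-duplicated (rules_path, line_no, option) tuples from syslog text."""
    seen = []
    for m in FATAL_RE.finditer(log_text):
        item = (m["path"], int(m["line"]), m["opt"])
        if item not in seen:  # the watchdog restart loop repeats the same error
            seen.append(item)
    return seen

def loaded_preprocessors(conf_text):
    """Preprocessor names on active (uncommented) snort.conf lines."""
    return set(re.findall(r"^[ \t]*preprocessor[ \t]+(\w+)", conf_text, re.M))

def rules_missing_preprocessor(rules_text, conf_text):
    """(line_no, option, preprocessor) for active rules that would abort startup."""
    loaded = loaded_preprocessors(conf_text)
    hits = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # disabled rule, Snort never parses it
        for opt, pre in OPTION_NEEDS.items():
            if pre not in loaded and re.search(r"[(;]\s*%s\s*:" % opt, line):
                hits.append((no, opt, pre))
    return hits

# Two log lines copied from the post above; rules and conf are constructed.
SAMPLE_LOG = """\
Apr 12 14:54:06 snort[87727]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
Apr 12 14:53:56 snort[61180]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
"""
SAMPLE_RULES = """\
# alert tcp any any -> any any (msg:"constructed, disabled"; sd_pattern:2,us_social; sid:1000001;)
alert tcp any any -> any 80 (msg:"constructed CC rule"; sd_pattern:2,credit_card; sid:1000002;)
alert tcp any any -> any 80 (msg:"constructed plain rule"; content:"abc"; sid:1000003;)
"""
CONF_OFF = "preprocessor frag3_global: max_frags 65536\n# preprocessor sensitive_data: alert_threshold 25\n"
CONF_ON = CONF_OFF.replace("# preprocessor sensitive_data", "preprocessor sensitive_data")

if __name__ == "__main__":
    print(unknown_option_errors(SAMPLE_LOG))
    print(rules_missing_preprocessor(SAMPLE_RULES, CONF_OFF))  # flags line 2
    print(rules_missing_preprocessor(SAMPLE_RULES, CONF_ON))   # nothing flagged
```

This is a text-level check only; running Snort in its `-T` test mode against the same `snort.conf` validates the full configuration before the service is restarted.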
      • P
        pablomoretto
        last edited by Jul 3, 2014, 3:04 AM

        asphyx
        Thanks, this works for me!

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.