Netgate Discussion Forum

    Snort cannot start

      asphyx

      After the update today with 2.1.2-RELEASE (i386), my Snort package cannot start!
      In the system logs I have some error messages:

      Apr 12 14:54:06	snort[87727]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
      Apr 12 14:54:05	SnortStartup[87478]: Snort START for WAN(37769_xl0)...
      Apr 12 14:54:01	php: servicewatchdog_cron.php: Service Watchdog detected service snort stopped. Restarting snort (Snort IDS/IPS Daemon)
      Apr 12 14:53:56	snort[61180]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
      Apr 12 14:53:55	SnortStartup[60890]: Snort START for WAN(37769_xl0)...
      Apr 12 14:53:37	snort[56100]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
      Apr 12 14:53:36	SnortStartup[56078]: Snort START for WAN(37769_xl0)...
      Apr 12 14:53:06	snort[32694]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
      Apr 12 14:53:05	SnortStartup[32677]: Snort START for WAN(37769_xl0)...
      Apr 12 14:53:01	php: servicewatchdog_cron.php: Service Watchdog detected service snort stopped. Restarting snort (Snort IDS/IPS Daemon)
      Apr 12 14:52:58	php: /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 37769 -D -q -l /var/log/snort/snort_xl037769 --pid-path /var/run --nolock-pidfile -G 37769 -c /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/snort.conf -i xl0' returned exit code '1', the output was ''
      Apr 12 14:52:58	snort[28863]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
      Apr 12 14:52:57	php: /snort/snort_interfaces.php: [Snort] Snort START for WAN(xl0)...
      Apr 12 14:52:56	check_reload_status: Syncing firewall
      Apr 12 14:52:53	check_reload_status: Syncing firewall
      

      Any suggestions?

        asphyx

        So I discovered the problem by myself in line 425 with:
        ee /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules

        
        alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA Credit Card Numbers"; metadata:s
        
        

        So in the respective menu: Snort --> Snort interfaces --> Edit Snort interface mapping --> WAN Preprocs

        I ticked Enable "Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data.
        Note: To enable this preprocessor, you must select the Snort VRT rules on the Global Settings tab."

        And now everything is fine, Snort is running fine!

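A pre-flight check for the failure in this thread, as an added example that is not part of the original posts or of the pfSense Snort package: it scans a rules file for options such as sd_pattern whose preprocessor is not enabled in snort.conf, which is what makes Snort abort with "Unknown rule option". The option-to-preprocessor table goes beyond the thread's single case (it assumes Snort 2.9.x), the function names are hypothetical, and the sample rules and config lines are constructed.

```python
import re

# Rule option -> preprocessor that registers it (assumption: Snort 2.9.x).
# sd_pattern is the case from this thread; the others generalize the check.
OPTION_PREPROC = {
    "sd_pattern": "sensitive_data",
    "dce_iface": "dcerpc2", "dce_opnum": "dcerpc2", "dce_stub_data": "dcerpc2",
    "sip_method": "sip",
    "ssl_state": "ssl", "ssl_version": "ssl",
}

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')                  # msg/content/pcre strings
KEYWORD = re.compile(r'[(;]\s*([a-z0-9_]+)\s*(?=[:;)])')   # option names in a rule body
PREPROC = re.compile(r'^[ \t]*preprocessor[ \t]+([A-Za-z0-9_]+)', re.M)


def enabled_preprocessors(conf_text):
    """Names found on uncommented 'preprocessor <name>' lines of snort.conf."""
    return set(PREPROC.findall(conf_text))


def find_unsupported(rules_text, conf_text):
    """Return (line_no, option, missing_preprocessor) for every active rule
    that uses an option whose preprocessor is not enabled."""
    enabled = enabled_preprocessors(conf_text)
    problems = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or disabled rule
        body = QUOTED.sub('""', line)     # ignore keywords quoted inside strings
        for opt in KEYWORD.findall(body):
            need = OPTION_PREPROC.get(opt)
            if need and need not in enabled:
                problems.append((no, opt, need))
    return problems


# Constructed sample input (not taken from the thread's rules file).
SAMPLE_RULES = r'''alert tcp any any -> any 80 (msg:"CONSTRUCTED web"; content:"GET"; nocase; sid:1000001;)
# alert tcp any any -> any any (msg:"CONSTRUCTED disabled"; sd_pattern:2,credit_card; sid:1000002;)
alert tcp any any -> any any (msg:"CONSTRUCTED text (sd_pattern: mention)"; sid:1000003;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"CONSTRUCTED card"; sd_pattern:2,credit_card; sid:1000004;)
'''
SAMPLE_CONF_OFF = "# preprocessor sensitive_data: alert_threshold 25\npreprocessor frag3_global: max_frags 8192\n"
SAMPLE_CONF_ON = "preprocessor sensitive_data: alert_threshold 25\n"

if __name__ == "__main__":
    for no, opt, need in find_unsupported(SAMPLE_RULES, SAMPLE_CONF_OFF):
        print(f"line {no}: '{opt}' needs 'preprocessor {need}' enabled")
```

To check a real interface, pass the contents of its snort.rules and snort.conf files (the paths shown in the log above) to find_unsupported().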
          pablomoretto

          asphyx
          Thanks, this works for me!
