3. Snort cannot start

Snort cannot start

  • A

    After update today with 2.1.2-RELEASE (i386)  my snort package cannot start !
    In system logs i have some error messages :

    Apr 12 14:54:06	snort[87727]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
Apr 12 14:54:05	SnortStartup[87478]: Snort START for WAN(37769_xl0)...
Apr 12 14:54:01	php: servicewatchdog_cron.php: Service Watchdog detected service snort stopped. Restarting snort (Snort IDS/IPS Daemon)
Apr 12 14:53:56	snort[61180]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
Apr 12 14:53:55	SnortStartup[60890]: Snort START for WAN(37769_xl0)...
Apr 12 14:53:37	snort[56100]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
Apr 12 14:53:36	SnortStartup[56078]: Snort START for WAN(37769_xl0)...
Apr 12 14:53:06	snort[32694]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
Apr 12 14:53:05	SnortStartup[32677]: Snort START for WAN(37769_xl0)...
Apr 12 14:53:01	php: servicewatchdog_cron.php: Service Watchdog detected service snort stopped. Restarting snort (Snort IDS/IPS Daemon)
Apr 12 14:52:58	php: /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 37769 -D -q -l /var/log/snort/snort_xl037769 --pid-path /var/run --nolock-pidfile -G 37769 -c /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/snort.conf -i xl0' returned exit code '1', the output was ''
Apr 12 14:52:58	snort[28863]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules(425) Unknown rule option: 'sd_pattern'.
Apr 12 14:52:57	php: /snort/snort_interfaces.php: [Snort] Snort START for WAN(xl0)...
Apr 12 14:52:56	check_reload_status: Syncing firewall
Apr 12 14:52:53	check_reload_status: Syncing firewall

    Any suggestions ?

    0
  • A

    So i discover the problem by myself in line 425 with: 
    ee /usr/pbi/snort-i386/etc/snort/snort_37769_xl0/rules/snort.rules

    
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA Credit Card Numbers"; metadata:s

    So in respective menu: Snort –> Snort interfaces --> Edit Snort interface mapping --> Wan preprocs

    I tick Enable  "Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data.
    Note: To enable this preprocessor, you must select the Snort VRT rules on the Global Settings tab."

    And now everything is fine snort running fine !

    0
  • P

    asphyx
    Thank´s, this work for me!.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy