SNORT on 2.1.5 Really weird!!

Supermule

What do you guys make of this?

Sep 23 12:27:41 php: /status_services.php: The command '/usr/local/etc/rc.d/snort.sh stop' returned exit code '127', the output was '/usr/local/etc/rc.d/snort.sh: not found'
Sep 23 12:27:29 lighttpd[26609]: (connections.c.137) (warning) close: 14 Connection reset by peer
Sep 23 12:27:06 check_reload_status: Reloading filter
Sep 23 12:27:01 php: /pkg_mgr_install.php: [Snort] Package post-installation tasks completed…
Sep 23 12:27:00 php: /pkg_mgr_install.php: [Snort] Starting Snort using rebuilt configuration…
Sep 23 12:27:00 php: /pkg_mgr_install.php: [Snort] Finished rebuilding installation from saved settings…
Sep 23 12:27:00 check_reload_status: Syncing firewall
Sep 23 12:26:59 check_reload_status: Syncing firewall
Sep 23 12:26:57 php: /pkg_mgr_install.php: [Snort] Building new sig-msg.map file for LAN…
Sep 23 12:26:57 php: /pkg_mgr_install.php: [Snort] See '/var/log/snort/LAN_disabled_preproc_rules.log' for list of auto-disabled rules.
Sep 23 12:26:57 php: /pkg_mgr_install.php: [Snort] Warning: auto-disabled 61 rules due to disabled preprocessor dependencies.
Sep 23 12:26:57 php: /pkg_mgr_install.php: [Snort] Checking flowbit rules dependent on disabled preprocessors for: LAN…
Sep 23 12:26:56 php: /pkg_mgr_install.php: [Snort] Enabling any flowbit-required rules for: LAN…
Sep 23 12:26:56 php: /pkg_mgr_install.php: [Snort] See '/var/log/snort/LAN_disabled_preproc_rules.log' for list of auto-disabled rules.
Sep 23 12:26:56 php: /pkg_mgr_install.php: [Snort] Warning: auto-disabled 14202 rules due to disabled preprocessor dependencies.
Sep 23 12:26:27 php: /pkg_mgr_install.php: [Snort] Checking for rules dependent on disabled preprocessors for: LAN…
Sep 23 12:26:19 php: /pkg_mgr_install.php: [Snort] Updating rules configuration for: LAN …
Sep 23 12:26:16 php: /pkg_mgr_install.php: [Snort] Building new sig-msg.map file for WAN…
Sep 23 12:26:16 php: /pkg_mgr_install.php: [Snort] See '/var/log/snort/WAN_disabled_preproc_rules.log' for list of auto-disabled rules.
Sep 23 12:26:16 php: /pkg_mgr_install.php: [Snort] Warning: auto-disabled 82 rules due to disabled preprocessor dependencies.
Sep 23 12:26:16 php: /pkg_mgr_install.php: [Snort] Checking flowbit rules dependent on disabled preprocessors for: WAN…
Sep 23 12:26:15 php: /pkg_mgr_install.php: [Snort] Enabling any flowbit-required rules for: WAN…
Sep 23 12:26:14 php: /pkg_mgr_install.php: [Snort] See '/var/log/snort/WAN_disabled_preproc_rules.log' for list of auto-disabled rules.
Sep 23 12:26:14 php: /pkg_mgr_install.php: [Snort] Warning: auto-disabled 1129 rules due to disabled preprocessor dependencies.
Sep 23 12:26:00 php: /pkg_mgr_install.php: [Snort] Checking for rules dependent on disabled preprocessors for: WAN…
Sep 23 12:25:48 php: /pkg_mgr_install.php: [Snort] Updating rules configuration for: WAN …
Sep 23 12:25:47 check_reload_status: Syncing firewall
Sep 23 12:25:47 php: /pkg_mgr_install.php: [Snort] The Rules update has finished.
Sep 23 12:25:44 php: /pkg_mgr_install.php: [Snort] Emerging Threats Open rules file update downloaded successfully
Sep 23 12:25:41 php: /pkg_mgr_install.php: [Snort] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz…
Sep 23 12:25:41 php: /pkg_mgr_install.php: [Snort] Snort GPLv2 Community Rules file update downloaded successfully
Sep 23 12:25:39 php: /pkg_mgr_install.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz…
Sep 23 12:25:37 php: /pkg_mgr_install.php: [Snort] Snort VRT rules are up to date…
Sep 23 12:25:36 php: /pkg_mgr_install.php: [Snort] Downloading and updating configured rule types…
Sep 23 12:25:36 php: /pkg_mgr_install.php: [Snort] Settings successfully migrated to new configuration format…
Sep 23 12:25:36 check_reload_status: Syncing firewall
Sep 23 12:25:35 php: /pkg_mgr_install.php: [Snort] Saving configuration settings in new format…
Sep 23 12:25:35 php: /pkg_mgr_install.php: [Snort] Checking configuration settings version…
Sep 23 12:25:35 php: /pkg_mgr_install.php: [Snort] Saved settings detected… rebuilding installation with saved settings...
Sep 23 12:25:05 lighttpd[26609]: (connections.c.137) (warning) close: 20 Connection reset by peer
Sep 23 12:24:52 php: /pkg_mgr_install.php: Beginning package installation for snort .
Sep 23 12:24:51 php: /pkg_mgr_install.php: [Snort] Clearing all Snort-related log files…
Sep 23 12:24:51 php: /pkg_mgr_install.php: [Snort] Removing all blocked hosts from <snort2c>table…
Sep 23 12:24:41 php: /pkg_mgr_install.php: [Snort] Snort package uninstall in progress…
Sep 23 12:24:41 check_reload_status: Syncing firewall</snort2c>

Supermule

And I delete the LAN interface for SNORT and it boots.

Sep 23 12:35:10 kernel: em0: promiscuous mode enabled
Sep 23 12:34:44 SnortStartup[68933]: Snort START for WAN(3755_em0)…
Sep 23 12:34:24 check_reload_status: Syncing firewall
Sep 23 12:34:21 check_reload_status: Syncing firewall
Sep 23 12:27:41 php: /status_services.php: The command '/usr/local/etc/rc.d/snort.sh stop' returned exit code '127', the output was '/usr/local/etc/rc.d/snort.sh: not found'
Sep 23 12:27:29 lighttpd[26609]: (connections.c.137) (warning) close: 14 Connection reset by peer
Sep 23 12:27:06 check_reload_status: Reloading filter

kejianshi

You are having a familiar problem….

When someone who knows alot has issues, generally, not many answers follow.

Supermule

Very annoying :(

Not running out of memory, CPU or disk.

It just wont boot until I remove the 2nd interface.