Getting email spam, Warning: filemtime():
-
Since adding my LAN to my interface list in Snort I've been getting spammed with the following error…..
X-Cron-Env: <shell= bin="" sh=""> X-Cron-Env: <path= etc:="" bin:="" sbin:="" usr="" sbin=""> X-Cron-Env: <home= var="" log=""> X-Cron-Env: <logname=root> X-Cron-Env: <user=root> Warning: filemtime(): stat failed for /var/log/snort/snort_em03642/2014-12-01.0 in /usr/local/pkg/snort/snort_check_cron_misc.inc on line 222</user=root></logname=root></home=></path=></shell=>Any ideas on how I can fix this?
-
I think there is a fix for this in the Upcoming Snort Release… Stay tuned!
-
Yes, this should get fixed in the upcoming Snort update. I've posted it for the pfSense developers to review, but they have been quite busy with 2.2 getting the RC ready to go. Be patient a little longer. There are updates in the pipeline for Snort and Suricata.
For what it's worth, the error is coming from a regex that is incorrectly gathering up some auto-rotated perfmon stats log files. You can manually delete the files if you want without harm. The path is in the error message.
Bill
-
Good to know, thank you both. I'm not sure if I want to risk breaking snort or just deal with the email spam. Been getting hundreds of emails a day from my firewall because of this error.
-
You should be able to move that log file to the /tmp folder and see if the issue goes away. From your original post this should work :
mv /var/log/snort/snort_em03642/2014-12-01.0 /tmpCheck your emails to see if the filename is different.
-
Thank you gentleman! Seems to have fixed my email spamming issue!
