Snort doesn't start after upgrade PFS 2.2.3



  • Snort doesn't start after upgrade to PFS 2.2.3
    I started searching here in the forum and somebody wrote to reinstall Snort, which I did, and now it's stuck at "Please wait while Snort is started". It looks like Snort is still not starting after reinstalling Snort.

    I don't know what to do right now.

    This is a part of the system log.

    Jun 25 19:39:56 sshd[23347]: Accepted keyboard-interactive/pam for root from 192.168.168.4 port 2170 ssh2
    Jun 25 19:39:27 kernel: arp: 192.168.166.21 moved from 00:30:18:a2:fc:4c to 00:30:18:a2:fc:4b on em1_vlan66
    Jun 25 19:38:44 kernel: arp: 192.168.166.22 moved from 00:30:18:a2:fc:4c to 00:30:18:a2:fc:4b on em1_vlan66
    Jun 25 19:38:43 sshd[22792]: Accepted keyboard-interactive/pam for root from 192.168.168.4 port 2164 ssh2
    Jun 25 19:30:28 kernel: arp: 192.168.166.10 moved from 00:30:18:a2:fc:4c to 00:30:18:a2:fc:4b on em1_vlan66
    Jun 25 19:30:01 kernel: arp: 192.168.166.10 moved from 00:30:18:a2:fc:4b to 00:30:18:a2:fc:4c on em1_vlan66
    Jun 25 19:29:48 kernel: arp: 192.168.166.2 moved from 00:30:18:a2:fc:4c to 00:30:18:a2:fc:4b on em1_vlan66
    Jun 25 19:28:21 SnortStartup[52462]: Snort START for WAN(23488_em0)…
    Jun 25 19:28:21 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Finished rebuilding installation from saved settings…
    Jun 25 19:28:20 check_reload_status: Syncing firewall
    Jun 25 19:28:19 check_reload_status: Syncing firewall
    Jun 25 19:28:15 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Building new sig-msg.map file for WAN…
    Jun 25 19:28:14 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Enabling any flowbit-required rules for: WAN…
    Jun 25 19:28:07 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Updating rules configuration for: WAN …
    Jun 25 19:28:07 check_reload_status: Syncing firewall
    Jun 25 19:28:07 php-fpm[97819]: /pkg_mgr_install.php: [Snort] The Rules update has finished.
    Jun 25 19:28:07 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Emerging Threats Open rules are up to date…
    Jun 25 19:28:05 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Snort GPLv2 Community Rules are up to date…
    Jun 25 19:28:05 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Snort OpenAppID detectors are up to date…
    Jun 25 19:28:04 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Snort VRT rules are up to date…
    Jun 25 19:28:03 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Downloading and updating configured rule types…
    Jun 25 19:28:03 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Configuration version is current…
    Jun 25 19:28:03 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Checking configuration settings version…
    Jun 25 19:28:03 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Saved settings detected… rebuilding installation with saved settings...
    Jun 25 19:27:29 check_reload_status: Syncing firewall
    Jun 25 19:27:27 php-fpm[97819]: /pkg_mgr_install.php: Beginning package installation for snort .
    Jun 25 19:27:26 check_reload_status: Syncing firewall
    Jun 25 19:27:25 check_reload_status: Syncing firewall
    Jun 25 19:27:24 check_reload_status: Syncing firewall
    Jun 25 19:27:17 php-fpm[13372]: /snort/snort_interfaces.php: The command '/usr/pbi/snort-amd64/bin/snort -R 23488 -D -q –suppress-config-log -l /var/log/snort/snort_em023488 --pid-path /var/run --nolock-pidfile -G 23488 -c /usr/pbi/snort-amd64/etc/snort/snort_23488_em0/snort.conf -i em0' returned exit code '9', the output was ''
    Jun 25 19:27:17 php-fpm[57316]: /snort/snort_interfaces.php: The command '/usr/pbi/snort-amd64/bin/snort -R 23488 -D -q –suppress-config-log -l /var/log/snort/snort_em023488 --pid-path /var/run --nolock-pidfile -G 23488 -c /usr/pbi/snort-amd64/etc/snort/snort_23488_em0/snort.conf -i em0' returned exit code '9', the output was ''
    Jun 25 19:27:13 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Snort STOP for all interfaces…
    Jun 25 19:27:13 php-fpm[97819]: /pkg_mgr_install.php: [Snort] Snort package uninstall in progress…



  • Hi, did you give it some time to settle? Sometimes it needs some minutes to restart all the rules.

    Also you could try to reboot.



  • Hi Talos,

    After I upgraded to 2.2.3 I clicked several times on the cross on the interface to start Snort. Every time the browser timed out. Then I rebooted and tried again to start Snort, still no success. Then I reinstalled Snort and again the browser timed out at the Snort starting phase.

    A few minutes ago I refreshed the browser, which started the reinstall of Snort again, and it is still running at the moment, or well, the browser is waiting while Snort should be starting. I will wait longer this time, but does it make sense to wait after the browser timed out?



  • Well, I am still a noob myself, but Snort can be hard on old hardware.
    What are your machine's specs? Are you running nanobsd? CF cards are slow, you know!



  • Hello Talos,

    I solved it. Before, I used the option "reinstall snort", but after 2 times reinstalling with no success I used the option "uninstall Snort" instead of reinstall. After I uninstalled it I installed it again, and after that Snort started right away and all my settings are saved and it's working again like before pffffww ;)

    I don't have an old system. I have a SuperMicro mini-itx board with 4gb ram, 30gb ssd, 2 Intel gbit nics.

    Thank you Talos, even if you're also still a novice like me your advice was still appreciated because it made me realise to wait longer; maybe I was too impatient.



  • Groovy man, thank you for sharing! :-)


  • Galactic Empire

    Hmm, no issues with Snort on my setup after updating to 2.2.3… but reinstall usually fixes issues.

