Snort | Unknown rule option: 'stream_size'.
-
I have upgraded my pfSense, and after that I am getting this error in Snort:
Jul 29 12:49:18 syslogd: kernel boot file is /boot/kernel/kernel
Jul 29 12:49:32 php-fpm[55362]: /snort/snort_interfaces.php: Toggle (snort starting) for Interface name
Jul 29 12:49:32 php-fpm[55362]: /snort/snort_interfaces.php: [Snort] Updating rules configuration for: Interface name …
Jul 29 12:49:36 php-fpm[55362]: /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for:Interface name…
Jul 29 12:49:36 php-fpm[55362]: /snort/snort_interfaces.php: [Snort] Building new sig-msg.map file for Interface name…
Jul 29 12:49:37 php-fpm[55362]: /snort/snort_interfaces.php: [Snort] Snort START for Interface name(dc1)…
Jul 29 12:49:40 snort[94580]: FATAL ERROR: /usr/pbi/snort-amd64/etc/snort/snort_9528_dc1/rules/snort.rules(17924) Unknown rule option: 'stream_size'.
Jul 29 12:49:40 php-fpm[55362]: /snort/snort_interfaces.php: The command '/usr/pbi/snort-amd64/bin/snort -R 9528 -D -q --suppress-config-log -l /var/log/snort/snort_dc19528 --pid-path /var/run --nolock-pidfile -G 9528 -c /usr/pbi/snort-amd64/etc/snort/snort_9528_dc1/snort.conf -i dc1' returned exit code '1', the output was ''
-
You most likely have a required preprocessor disabled. Make sure the STREAM5 preprocessor is enabled on the PREPROCESSORS tab. In fact, users should really never disable any of the default-enabled preprocessors unless they are very highly skilled with the operation of Snort.
Bill
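A small check for the cause described in the reply above, added here as an example and not part of the original thread or of the pfSense Snort package: it reads the FATAL ERROR line and reports whether the generated snort.conf loads the preprocessor that provides the rejected rule option. The names `OPTION_NEEDS` and `diagnose` and the snort.conf fragments are constructed for illustration, and matching on the `stream5` name prefix is a simplifying assumption.

```python
import re

# Rule options that exist only once a preprocessor registers them.
# stream_size -> Stream5 comes from the thread; stream_reassemble is the
# other Stream5-provided rule option in Snort 2.9.
OPTION_NEEDS = {"stream_size": "stream5", "stream_reassemble": "stream5"}

FATAL_RE = re.compile(
    r"FATAL ERROR: (?P<path>\S+)\((?P<line>\d+)\) "
    r"Unknown rule option: '(?P<option>[^']+)'")
# Uncommented "preprocessor <name>: ..." lines only; "# preprocessor" is skipped.
PREPROC_RE = re.compile(r"^[ \t]*preprocessor[ \t]+(\w+)", re.MULTILINE)

# Log line quoted from the thread.
LOG_LINE = ("Jul 29 12:49:40 snort[94580]: FATAL ERROR: "
            "/usr/pbi/snort-amd64/etc/snort/snort_9528_dc1/rules/snort.rules"
            "(17924) Unknown rule option: 'stream_size'.")
# Constructed snort.conf fragments, not taken from the poster's system.
CONF_BROKEN = ("preprocessor frag3_global: max_frags 8192\n"
               "# preprocessor stream5_global: track_tcp yes\n")
CONF_FIXED = ("preprocessor stream5_global: track_tcp yes\n"
              "preprocessor stream5_tcp: policy bsd\n")


def enabled_preprocessors(conf_text):
    """Names of the preprocessors that snort.conf actually loads."""
    return set(PREPROC_RE.findall(conf_text))


def diagnose(log_line, conf_text):
    """Map an 'Unknown rule option' failure to its missing preprocessor."""
    m = FATAL_RE.search(log_line)
    if not m:
        return None  # not this failure mode
    needs = OPTION_NEEDS.get(m["option"])  # None: dependency unknown here
    loaded = needs is not None and any(
        name.startswith(needs) for name in enabled_preprocessors(conf_text))
    return {"rules_file": m["path"], "line": int(m["line"]),
            "option": m["option"], "needs": needs,
            "preprocessor_loaded": loaded}


if __name__ == "__main__":
    for label, conf in (("broken", CONF_BROKEN), ("fixed", CONF_FIXED)):
        print(label, diagnose(LOG_LINE, conf))
```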