Snort 2.9.7.6 pkg v3.2.9.1 does not Start - but Snort IDS/IPS Daemon is Running.
-
We are running PfSense 2.2.6-RELEASE (amd64) on a VK-T40E pfSense Security Gateway Appliance that we recently bought from the PfSense Store.
Previous to the upgrade to Snort 2.9.7.6 pkg v3.2.9.1, Snort was running more or less smoothly.
Once we upgraded, Snort simply does not want to start.
I have tried to re-install, de-install, reboot, install, use only the defaults value, etc… all to no avail, the service simply does not want to start.
However, when you check under Status->Services, it shows that the Snort IDS/IPS Daemon is Running.
Looking under Status->System logs->General, it seems that Snort hangs while loading this:
Jan 27 10:34:53 snort[62658]: Loading dynamic detection library /usr/pbi/snort-amd64/lib/snort_dynamicrules/server-other.so…
and then does not Start because it thinks it is starting, as you can see from the following line that keeps repeating, time after time:
Jan 27 10:35:41 SnortStartup[59983]: Ignoring additional START command since Snort is already starting…
The relevant log items are below:
Jan 27 10:37:24 SnortStartup[81786]: Ignoring additional START command since Snort is already starting…
Jan 27 10:36:55 SnortStartup[50141]: Ignoring additional START command since Snort is already starting…
Jan 27 10:35:48 SnortStartup[98463]: Ignoring additional START command since Snort is already starting…
Jan 27 10:35:41 SnortStartup[59983]: Ignoring additional START command since Snort is already starting…
Jan 27 10:34:53 snort[62658]: Loading dynamic detection library /usr/pbi/snort-amd64/lib/snort_dynamicrules/server-other.so…
Jan 27 10:34:53 snort[62658]: done
Jan 27 10:34:53 snort[62658]: Loading dynamic detection library /usr/pbi/snort-amd64/lib/snort_dynamicrules/browser-plugins.so…
Jan 27 10:34:53 snort[62658]: done
Jan 27 10:34:53 snort[62658]: Loading dynamic detection library /usr/pbi/snort-amd64/lib/snort_dynamicrules/file-image.so…
Jan 27 10:34:53 snort[62658]: done
Jan 27 10:34:53 snort[62658]: Loading dynamic detection library /usr/pbi/snort-amd64/lib/snort_dynamicrules/malware-cnc.so…
Jan 27 10:34:53 snort[62658]: done
Jan 27 10:34:53 snort[62658]: Loading dynamic detection library /usr/pbi/snort-amd64/lib/snort_dynamicrules/malware-other.so…
Jan 27 10:34:53 snort[62658]: done
Jan 27 10:34:53 snort[62658]: Loading dynamic detection library /usr/pbi/snort-amd64/lib/snort_dynamicrules/policy-social.so…
Jan 27 10:34:53 snort[62658]: done
Jan 27 10:34:53 snort[62658]: Loading dynamic detection library /usr/pbi/snort-amd64/lib/snort_dynamicrules/server-mail.so…
Jan 27 10:34:53 snort[62658]: done
Jan 27 10:34:53 snort[62658]: Loading dynamic detection library /usr/pbi/snort-amd64/lib/snort_dynamicrules/server-oracle.so…
Jan 27 10:34:53 snort[62658]: done
Jan 27 10:34:53 snort[62658]: Loading dynamic detection library /usr/pbi/snort-amd64/lib/snort_dynamicrules/browser-ie.so…
Jan 27 10:34:53 snort[62658]: Loading all dynamic detection libs from /usr/pbi/snort-amd64/lib/snort_dynamicrules…
Jan 27 10:34:53 snort[62658]: Finished Loading all dynamic engine libs from /usr/pbi/snort-amd64/lib/snort_dynamicengineI tried the suggestion offered by someone else on the Forum to Start Snort manually by entering the command, however even when I do that, I get:
SnortStartup[81786]: Ignoring additional START command since Snort is already starting…
I hope you can help, thank you for your time and effort.
-
For anyone else having this issue: delete the file /var/run/snort_pkg_starting.lck and try again. Snort should start right up.