[Snort-devel] Problems after 1.8.3 upgrade to 1.8.6
mlafren at ...1261...
Fri Apr 12 13:53:02 EDT 2002
I've recently taken over the network/security admin job (yay me, not). I
decided to upgrade from Snort 1.8.3 to 1.8.6 to get more rules, bug fixes
and speed enhancements. The old version had been running for at least 2
months. The compilation went smoothly, no warnings or anything. I
backed up the old binary to snort-old just in case (before I compiled). I
also backed up the rules directory.
The system is running FreeBSD 4.4. It's a bridge+ipfw firewall and snort
runs on it (the inside network card has an IP, outside doesn't). I ran
1.8.6 fine for nearly 18 hours before it crashed (no idea where the crash
logs go but I have errors in /var/log/messages when starting it), it
restarted a second time for 12 hours before it died again. Now the old
version and new version report exact same errors:
Apr 11 11:53:59 gw snort: Initializing daemon mode
Apr 11 11:53:59 gw snort: PID stat checked out ok, PID set to /var/run/
Apr 11 11:53:59 gw snort: Writing PID file to "/var/run/"
Apr 11 11:53:59 gw snort: FATAL ERROR: ERROR line /root/rules (1) => Unknown rule type: <FA><A8>
I've grepped the rules directory for both versions for <FA><A8> and nothing
turns up. Help!!
If you need more info please email me and tell me what you need. Thanks.