[Snort-devel] Problems after 1.8.3 upgrade to 1.8.6

Michael Lafreniere mlafren at ...1261...
Fri Apr 12 13:53:02 EDT 2002


I recently took over the network/security admin job (yay me, not).  I 
decided to upgrade from Snort 1.8.3 to 1.8.6 to get more rules, bug fixes 
and speed enhancements.  The old version had been running for at least 2 
months.  The compilation went smoothly, no warnings or anything.  I 
backed up the old binary to snort-old just in case (before I compiled).  I 
also backed up the rules directory.

The system is running FreeBSD 4.4.  It's a bridge+ipfw firewall and snort 
runs on it (the inside network card has an IP, outside doesn't).  I ran 
1.8.6 fine for nearly 18 hours before it crashed (no idea where the crash 
logs go but I have errors in /var/log/messages when starting it), it 
restarted a second time for 12 hours before it died again.  Now the old 
version and new version report the exact same errors:

Apr 11 11:53:59 gw snort: Initializing daemon mode
Apr 11 11:53:59 gw snort: PID stat checked out ok, PID set to /var/run/
Apr 11 11:53:59 gw snort: Writing PID file to "/var/run/"
Apr 11 11:53:59 gw snort: FATAL ERROR: ERROR line /root/rules (1) => Unknown rule type: <FA><A8>

I've grepped the rules directory for both versions for <FA><A8> and nothing 
turns up.  Help!!

If you need more info please email me and tell me what you need.  Thanks.

-Michael Lafreniere
