[Snort-users] Snort 2.9.11.1 ISSUES since new release on 4-Jan-2017

Joel Esler (jesler) jesler at cisco.com
Wed Jan 10 08:41:15 EST 2018


Thank you for writing in.

Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Thanks!

--
Joel Esler | Talos: Manager | jesler at cisco.com

On Jan 9, 2018, at 9:30 PM, Rachida Kankpe-Kombath via Snort-users <snort-users at lists.snort.org> wrote:

Please unsubscribe

On Sun, Jan 7, 2018 at 12:43 PM, <Mark at nev-comm.com> wrote:
I am running pfSense 2.4._p1 of FreeBSD (amd64) 11.1-RELEASE-p6 on WatchGuard XTM525 with 4GB RAM and have had no issues with Snort until the new release on 4-Jan-2017. I am now unable to get Snort to install correctly and can in no way even get it to start.

I have 2 identical WatchGuard firewalls as backup and test box in addition to the production firewall and no issues running the Snort release prior, but not the new Snort. Here is what I see below in the system logs.
Can anyone assist with some help please?


Jan 7 09:27:46  root
        /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
Jan 7 09:27:48  syslogd
        exiting on signal 15
Jan 7 09:27:48  syslogd
        kernel boot file is /boot/kernel/kernel
Jan 7 09:27:48  php-fpm         349     /rc.start_packages: Restarting/Starting all packages.
Jan 7 09:27:48  kernel
        done.
Jan 7 09:27:48  php-fpm         349     lcdproc: Sync: Begin package sync
Jan 7 09:27:48  php-fpm         349     lcdproc: Sync: End package sync
Jan 7 09:27:48  LCDd
        LCDd version 0.5.7 starting
Jan 7 09:27:48  LCDd
        Using Configuration File: /usr/local/etc/LCDd.conf
Jan 7 09:27:48  LCDd
        Listening for queries on 127.0.0.1:13666
Jan 7 09:27:48  SnortStartup    6380    Snort START for WAN(46258_em0)...
Jan 7 09:27:48  snort   6514    FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_dynamicrules/browser-ie.so: invalid file format
Jan 7 09:27:48  php
        lcdproc: Start client procedure. Error counter: (0)
Jan 7 09:27:49  LCDd
        Connect from host 127.0.0.1:61105 on socket 6
Jan 7 09:28:28  php-fpm         349     /index.php: Successful login for user 'admin' from: 192.168.6.7
Jan 7 09:28:28  sshlockout      72510   sshlockout/webConfigurator v3.0 starting up
Jan 7 09:28:55  SnortStartup    85060   Snort START for WAN(46258_em0)...
Jan 7 09:28:55  snort   85092   FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_dynamicrules/browser-ie.so: invalid file format
Jan 7 09:30:57  check_reload_status
        Syncing firewall
Jan 7 09:30:57  php-fpm         7531    /snort/snort_rulesets.php: [Snort] Updating rules configuration for: CENTURYLINK ...
Jan 7 09:30:58  php-fpm         7531    /snort/snort_rulesets.php: [Snort] Enabling any flowbit-required rules for: CENTURYLINK...
Jan 7 09:30:58  php-fpm         7531    /snort/snort_rulesets.php: [Snort] Building new sid-msg.map file for CENTURYLINK...
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: [Snort] Updating rules configuration for: CENTURYLINK ...
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: CENTURYLINK...
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for CENTURYLINK...
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: Starting Snort on CENTURYLINK(em0) per user request...
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: [Snort] Snort START for CENTURYLINK(em0)...
Jan 7 09:32:17  snort   16643   FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_dynamicrules/browser-ie.so: invalid file format
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 46258 -D -q --suppress-config-log -l /var/log/snort/snort_em046258 --pid-path /var/run --nolock-pidfile -G 46258 -c /usr/local/etc/snort/snort_46258_em0/snort.conf -i em0' returned exit code '1', the output was ''
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: [Snort] Updating rules configuration for: CENTURYLINK ...
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: CENTURYLINK...
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for CENTURYLINK...
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: Starting Snort on CENTURYLINK(em0) per user request...
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: [Snort] Snort START for CENTURYLINK(em0)...
Jan 7 09:32:22  snort   29651   FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_dynamicrules/browser-ie.so: invalid file format
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 46258 -D -q --suppress-config-log -l /var/log/snort/snort_em046258 --pid-path /var/run --nolock-pidfile -G 46258 -c /usr/local/etc/snort/snort_46258_em0/snort.conf -i em0' returned exit code '1', the output was ''



-Mark

Snort-users mailing list
Snort-users at lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
