<div dir="ltr">Please unsubscribe</div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jan 7, 2018 at 12:43 PM,  <span dir="ltr"><<a href="mailto:Mark@nev-comm.com" target="_blank">Mark@nev-comm.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><span style="font-family:Verdana;color:#000;font-size:10pt"><div>I am running pfSense 2.4._p1 of FreeBSD 
                                (amd64) <span title="FreeBSD pfSense.localdomain 11.1-RELEASE-p6 FreeBSD 11.1-RELEASE-p6 #8 r313908+a5b33c9d1c4(RELENG_2_4): Tue Dec 12 13:51:24 CST 2017     root@buildbot2.netgate.com:/builder/ce-242/tmp/obj/builder/ce-242/tmp/FreeBSD-src/sys/pfSense amd64">11.1-RELEASE-p6</span> on a WatchGuard XTM525 with 4GB RAM and have had no issues with Snort until the new release on 4-Jan-2017. I am now unable to get Snort to install correctly and can in no way even get it to start. </div><div><br></div><div>I have 2 identical WatchGuard firewalls as backup and test box in addition to the production firewall and no issues running the Snort release prior, but not the new Snort. Here is what I see below in the system logs.</div><div>Can anyone assist with some help please?<br></div><div><br></div><div><br></div><table class="m_1480642236113221912table m_1480642236113221912table-striped m_1480642236113221912table-hover m_1480642236113221912table-condensed m_1480642236113221912sortable-theme-bootstrap"><tbody><tr class="m_1480642236113221912text-nowrap"><td>Jan  7 09:27:46                                  </td>
                                        <td>
                                                root                                    </td>
                                        <td>
                                                                                        <br></td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one                                      </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                syslogd                                 </td>
                                        <td>
                                                                                        <br></td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                exiting on signal 15                                    </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                syslogd                                 </td>
                                        <td>
                                                                                        <br></td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                kernel boot file is /boot/kernel/kernel                                 </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                349                                     </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /rc.start_packages: Restarting/Starting all packages.                                   </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                kernel                                  </td>
                                        <td>
                                                                                        <br></td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                done.                                   </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                349                                     </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                lcdproc: Sync: Begin package sync                                       </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                349                                     </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                lcdproc: Sync: End package sync                                 </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                LCDd                                    </td>
                                        <td>
                                                                                        <br></td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                LCDd version 0.5.7 starting                                     </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                LCDd                                    </td>
                                        <td>
                                                                                        <br></td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                Using Configuration File: /usr/local/etc/LCDd.conf                                      </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                LCDd                                    </td>
                                        <td>
                                                                                        <br></td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                Listening for queries on 127.0.0.1:13666                                   </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                SnortStartup                                    </td>
                                        <td>
                                                6380                                    </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                Snort START for WAN(46258_em0)...                                       </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                snort                                   </td>
                                        <td>
                                                6514                                    </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_dynamicrules/browser-ie.so: invalid file format
        </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:48                                 </td>
                                        <td>
                                                php                                     </td>
                                        <td>
                                                                                        <br></td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                lcdproc: Start client procedure. Error counter: (0)                                     </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:27:49                                 </td>
                                        <td>
                                                LCDd                                    </td>
                                        <td>
                                                                                        <br></td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                Connect from host 127.0.0.1:61105 on socket 6                                      </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:28:28                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                349                                     </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /index.php: Successful login for user 'admin' from: 192.168.6.7                                 </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:28:28                                 </td>
                                        <td>
                                                sshlockout                                      </td>
                                        <td>
                                                72510                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                sshlockout/webConfigurator v3.0 starting up                                     </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:28:55                                 </td>
                                        <td>
                                                SnortStartup                                    </td>
                                        <td>
                                                85060                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                Snort START for WAN(46258_em0)...                                       </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:28:55                                 </td>
                                        <td>
                                                snort                                   </td>
                                        <td>
                                                85092                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_dynamicrules/browser-ie.so: invalid file format
        </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:30:57                                 </td>
                                        <td>
                                                check_reload_status                                     </td>
                                        <td>
                                                                                        <br></td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                Syncing firewall                                        </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:30:57                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                7531                                    </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_rulesets.php: [Snort] Updating rules configuration for: CENTURYLINK ...                                    </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:30:58                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                7531                                    </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_rulesets.php: [Snort] Enabling any flowbit-required rules for: CENTURYLINK...                                      </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:30:58                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                7531                                    </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_rulesets.php: [Snort] Building new sid-msg.map file for CENTURYLINK...                                     </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:17                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                48556                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: [Snort] Updating rules configuration for: CENTURYLINK ...                                  </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:17                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                48556                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: CENTURYLINK...                                    </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:17                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                48556                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for CENTURYLINK...                                   </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:17                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                48556                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: Starting Snort on CENTURYLINK(em0) per user request...                                     </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:17                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                48556                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: [Snort] Snort START for CENTURYLINK(em0)...                                        </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:17                                 </td>
                                        <td>
                                                snort                                   </td>
                                        <td>
                                                16643                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_dynamicrules/browser-ie.so: invalid file format
        </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:17                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                48556                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 
46258 -D -q --suppress-config-log -l /var/log/snort/snort_em046258 
--pid-path /var/run --nolock-pidfile -G 46258 -c 
/usr/local/etc/snort/snort_46258_em0/snort.conf -i em0' returned exit 
code '1', the output was ''                                     </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:22                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                16790                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: [Snort] Updating rules configuration for: CENTURYLINK ...                                  </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:22                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                16790                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: CENTURYLINK...                                    </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:22                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                16790                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for CENTURYLINK...                                   </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:22                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                16790                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: Starting Snort on CENTURYLINK(em0) per user request...                                     </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:22                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                16790                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: [Snort] Snort START for CENTURYLINK(em0)...                                        </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:22                                 </td>
                                        <td>
                                                snort                                   </td>
                                        <td>
                                                29651                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_dynamicrules/browser-ie.so: invalid file format
        </td>
                                </tr>
                                <tr class="m_1480642236113221912text-nowrap">
                                        <td>
                                                Jan  7 09:32:22                                 </td>
                                        <td>
                                                php-fpm                                 </td>
                                        <td>
                                                16790                                   </td>
                                        <td style="word-wrap:break-word;word-break:break-all;white-space:normal">
                                                /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 
46258 -D -q --suppress-config-log -l /var/log/snort/snort_em046258 
--pid-path /var/run --nolock-pidfile -G 46258 -c 
/usr/local/etc/snort/snort_46258_em0/snort.conf -i em0' returned exit 
code '1', the output was ''                                     </td></tr></tbody></table><div></div><div><br></div><div> </div><div> </div><div>-Mark</div><div><br></div><blockquote id="m_1480642236113221912replyBlockquote" style="border-left:2px solid blue;margin-left:8px;padding-left:8px;font-size:10pt;color:black;font-family:verdana"><div id="m_1480642236113221912wmQuoteWrapper">
Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.snort.org" target="_blank">Snort-users@lists.snort.org</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.snort.org/mailman/listinfo/snort-users" target="_blank">https://lists.snort.org/<wbr>mailman/listinfo/snort-users</a><br>
<br>
Please visit <a href="http://blog.snort.org" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!<br>
<br>
Please follow these rules: <a href="https://snort.org/faq/what-is-the-mailing-list-etiquette" target="_blank">https://snort.org/faq/what-is-<wbr>the-mailing-list-etiquette</a><br>

</div>
</blockquote></span></div>
<br></blockquote></div><br></div>