Snort mailing list archives

Re: Snort 2.9.11.1 ISSUES since new release on 4-Jan-2017

From: "Joel Esler \(jesler\) via Snort-users" <snort-users () lists snort org>
Date: Wed, 10 Jan 2018 13:41:15 +0000

Thank you for writing in.

Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Thanks!

--
Joel Esler | Talos: Manager | jesler () cisco com<mailto:jesler () cisco com>






On Jan 9, 2018, at 9:30 PM, Rachida Kankpe-Kombath via Snort-users <snort-users () lists snort org<mailto:snort-users 
() lists snort org>> wrote:

Please unsubscribe

On Sun, Jan 7, 2018 at 12:43 PM, <Mark () nev-comm com<mailto:Mark () nev-comm com>> wrote:
I am running pfsense 2.4._p1 of FreeBSD  (amd64) 11.1-RELEASE-p6 on watchgaurd XTM525 with 4GB RAM and have had no 
issues with Snort until the new release 0n 4-Jan-2017. I am now unable to get Snort to install correctly and can in no 
way even get it to start.

I have 2 identical Watchagurd Firewalls as backup and test box in addition to the production firewall and no issues 
running the Snort release prior, but not the new Snort. Here is what I see below in the system logs.
Can anyone asssit with some help please.


Jan 7 09:27:46  root
        /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
Jan 7 09:27:48  syslogd
        exiting on signal 15
Jan 7 09:27:48  syslogd
        kernel boot file is /boot/kernel/kernel
Jan 7 09:27:48  php-fpm         349     /rc.start_packages: Restarting/Starting all packages.
Jan 7 09:27:48  kernel
        done.
Jan 7 09:27:48  php-fpm         349     lcdproc: Sync: Begin package sync
Jan 7 09:27:48  php-fpm         349     lcdproc: Sync: End package sync
Jan 7 09:27:48  LCDd
        LCDd version 0.5.7 starting
Jan 7 09:27:48  LCDd
        Using Configuration File: /usr/local/etc/LCDd.conf
Jan 7 09:27:48  LCDd
        Listening for queries on 127.0.0.1:13666<http://127.0.0.1:13666/>
Jan 7 09:27:48  SnortStartup    6380    Snort START for WAN(46258_em0)...
Jan 7 09:27:48  snort   6514    FATAL ERROR: Failed to load 
/usr/local/lib/snort_dynamicrules/browser-ie.so<http://browser-ie.so/>: 
/usr/local/lib/snort_dynamicrules/browser-ie.so<http://browser-ie.so/>: invalid file format
Jan 7 09:27:48  php
        lcdproc: Start client procedure. Error counter: (0)
Jan 7 09:27:49  LCDd
        Connect from host 127.0.0.1:61105<http://127.0.0.1:61105/> on socket 6
Jan 7 09:28:28  php-fpm         349     /index.php: Successful login for user 'admin' from: 192.168.6.7
Jan 7 09:28:28  sshlockout      72510   sshlockout/webConfigurator v3.0 starting up
Jan 7 09:28:55  SnortStartup    85060   Snort START for WAN(46258_em0)...
Jan 7 09:28:55  snort   85092   FATAL ERROR: Failed to load 
/usr/local/lib/snort_dynamicrules/browser-ie.so<http://browser-ie.so/>: 
/usr/local/lib/snort_dynamicrules/browser-ie.so<http://browser-ie.so/>: invalid file format
Jan 7 09:30:57  check_reload_status
        Syncing firewall
Jan 7 09:30:57  php-fpm         7531    /snort/snort_rulesets.php: [Snort] Updating rules configuration for: 
CENTURYLINK ...
Jan 7 09:30:58  php-fpm         7531    /snort/snort_rulesets.php: [Snort] Enabling any flowbit-required rules for: 
CENTURYLINK...
Jan 7 09:30:58  php-fpm         7531    /snort/snort_rulesets.php: [Snort] Building new sid-msg.map file for 
CENTURYLINK...
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: [Snort] Updating rules configuration for: 
CENTURYLINK ...
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: 
CENTURYLINK...
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for 
CENTURYLINK...
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: Starting Snort on CENTURYLINK(em0) per user 
request...
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: [Snort] Snort START for CENTURYLINK(em0)...
Jan 7 09:32:17  snort   16643   FATAL ERROR: Failed to load 
/usr/local/lib/snort_dynamicrules/browser-ie.so<http://browser-ie.so/>: 
/usr/local/lib/snort_dynamicrules/browser-ie.so<http://browser-ie.so/>: invalid file format
Jan 7 09:32:17  php-fpm         48556   /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 46258 -D -q 
--suppress-config-log -l /var/log/snort/snort_em046258 --pid-path /var/run --nolock-pidfile -G 46258 -c 
/usr/local/etc/snort/snort_46258_em0/snort.conf -i em0' returned exit code '1', the output was ''
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: [Snort] Updating rules configuration for: 
CENTURYLINK ...
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: 
CENTURYLINK...
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for 
CENTURYLINK...
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: Starting Snort on CENTURYLINK(em0) per user 
request...
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: [Snort] Snort START for CENTURYLINK(em0)...
Jan 7 09:32:22  snort   29651   FATAL ERROR: Failed to load 
/usr/local/lib/snort_dynamicrules/browser-ie.so<http://browser-ie.so/>: 
/usr/local/lib/snort_dynamicrules/browser-ie.so<http://browser-ie.so/>: invalid file format
Jan 7 09:32:22  php-fpm         16790   /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 46258 -D -q 
--suppress-config-log -l /var/log/snort/snort_em046258 --pid-path /var/run --nolock-pidfile -G 46258 -c 
/usr/local/etc/snort/snort_46258_em0/snort.conf -i em0' returned exit code '1', the output was ''



-Mark

Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette


_______________________________________________
Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Snort 2.9.11.1 ISSUES since new release on 4-Jan-2017 Mark (Jan 07)
- Re: Snort 2.9.11.1 ISSUES since new release on 4-Jan-2017 Lucas K. Smith via Snort-users (Jan 07)
- Re: Snort 2.9.11.1 ISSUES since new release on 4-Jan-2017 Rachida Kankpe-Kombath via Snort-users (Jan 09)
  - Re: Snort 2.9.11.1 ISSUES since new release on 4-Jan-2017 Joel Esler (jesler) via Snort-users (Jan 10)