Re: Snort 2.9.11.1 ISSUES since new release on 4-Jan-2017

[Rachida Kankpe-Kombath via Snort-users <snort-users () lists snort org>]

Please unsubscribe

On Sun, Jan 7, 2018 at 12:43 PM, <Mark () nev-comm com> wrote:

> I am running pfsense 2.4._p1 of FreeBSD  (amd64) 11.1-RELEASE-p6 on
> watchgaurd XTM525 with 4GB RAM and have had no issues with Snort until the
> new release 0n 4-Jan-2017. I am now unable to get Snort to install
> correctly and can in no way even get it to start.
>
> I have 2 identical Watchagurd Firewalls as backup and test box in addition
> to the production firewall and no issues running the Snort release prior,
> but not the new Snort. Here is what I see below in the system logs.
> Can anyone asssit with some help please.
>
>
> Jan 7 09:27:46 root
> /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI
> data, generating a new one
> Jan 7 09:27:48 syslogd
> exiting on signal 15
> Jan 7 09:27:48 syslogd
> kernel boot file is /boot/kernel/kernel
> Jan 7 09:27:48 php-fpm 349 /rc.start_packages: Restarting/Starting all
> packages.
> Jan 7 09:27:48 kernel
> done.
> Jan 7 09:27:48 php-fpm 349 lcdproc: Sync: Begin package sync
> Jan 7 09:27:48 php-fpm 349 lcdproc: Sync: End package sync
> Jan 7 09:27:48 LCDd
> LCDd version 0.5.7 starting
> Jan 7 09:27:48 LCDd
> Using Configuration File: /usr/local/etc/LCDd.conf
> Jan 7 09:27:48 LCDd
> Listening for queries on 127.0.0.1:13666
> Jan 7 09:27:48 SnortStartup 6380 Snort START for WAN(46258_em0)...
> Jan 7 09:27:48 snort 6514 FATAL ERROR: Failed to load
> /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_
> dynamicrules/browser-ie.so: invalid file format
> Jan 7 09:27:48 php
> lcdproc: Start client procedure. Error counter: (0)
> Jan 7 09:27:49 LCDd
> Connect from host 127.0.0.1:61105 on socket 6
> Jan 7 09:28:28 php-fpm 349 /index.php: Successful login for user 'admin'
> from: 192.168.6.7
> Jan 7 09:28:28 sshlockout 72510 sshlockout/webConfigurator v3.0 starting
> up
> Jan 7 09:28:55 SnortStartup 85060 Snort START for WAN(46258_em0)...
> Jan 7 09:28:55 snort 85092 FATAL ERROR: Failed to load
> /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_
> dynamicrules/browser-ie.so: invalid file format
> Jan 7 09:30:57 check_reload_status
> Syncing firewall
> Jan 7 09:30:57 php-fpm 7531 /snort/snort_rulesets.php: [Snort] Updating
> rules configuration for: CENTURYLINK ...
> Jan 7 09:30:58 php-fpm 7531 /snort/snort_rulesets.php: [Snort] Enabling
> any flowbit-required rules for: CENTURYLINK...
> Jan 7 09:30:58 php-fpm 7531 /snort/snort_rulesets.php: [Snort] Building
> new sid-msg.map file for CENTURYLINK...
> Jan 7 09:32:17 php-fpm 48556 /snort/snort_interfaces.php: [Snort]
> Updating rules configuration for: CENTURYLINK ...
> Jan 7 09:32:17 php-fpm 48556 /snort/snort_interfaces.php: [Snort]
> Enabling any flowbit-required rules for: CENTURYLINK...
> Jan 7 09:32:17 php-fpm 48556 /snort/snort_interfaces.php: [Snort]
> Building new sid-msg.map file for CENTURYLINK...
> Jan 7 09:32:17 php-fpm 48556 /snort/snort_interfaces.php: Starting Snort
> on CENTURYLINK(em0) per user request...
> Jan 7 09:32:17 php-fpm 48556 /snort/snort_interfaces.php: [Snort] Snort
> START for CENTURYLINK(em0)...
> Jan 7 09:32:17 snort 16643 FATAL ERROR: Failed to load
> /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_
> dynamicrules/browser-ie.so: invalid file format
> Jan 7 09:32:17 php-fpm 48556 /snort/snort_interfaces.php: The command
> '/usr/local/bin/snort -R 46258 -D -q --suppress-config-log -l
> /var/log/snort/snort_em046258 --pid-path /var/run --nolock-pidfile -G 46258
> -c /usr/local/etc/snort/snort_46258_em0/snort.conf -i em0' returned exit
> code '1', the output was ''
> Jan 7 09:32:22 php-fpm 16790 /snort/snort_interfaces.php: [Snort]
> Updating rules configuration for: CENTURYLINK ...
> Jan 7 09:32:22 php-fpm 16790 /snort/snort_interfaces.php: [Snort]
> Enabling any flowbit-required rules for: CENTURYLINK...
> Jan 7 09:32:22 php-fpm 16790 /snort/snort_interfaces.php: [Snort]
> Building new sid-msg.map file for CENTURYLINK...
> Jan 7 09:32:22 php-fpm 16790 /snort/snort_interfaces.php: Starting Snort
> on CENTURYLINK(em0) per user request...
> Jan 7 09:32:22 php-fpm 16790 /snort/snort_interfaces.php: [Snort] Snort
> START for CENTURYLINK(em0)...
> Jan 7 09:32:22 snort 29651 FATAL ERROR: Failed to load
> /usr/local/lib/snort_dynamicrules/browser-ie.so: /usr/local/lib/snort_
> dynamicrules/browser-ie.so: invalid file format
> Jan 7 09:32:22 php-fpm 16790 /snort/snort_interfaces.php: The command
> '/usr/local/bin/snort -R 46258 -D -q --suppress-config-log -l
> /var/log/snort/snort_em046258 --pid-path /var/run --nolock-pidfile -G 46258
> -c /usr/local/etc/snort/snort_46258_em0/snort.conf -i em0' returned exit
> code '1', the output was ''
>
>
>
> -Mark
>
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-
> the-mailing-list-etiquette
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-
> the-mailing-list-etiquette
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette