
Topics - taryezveb

1
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:43:51 EST 2011
FreeBSD 8.1-RELEASE-p6

Snort: 2.9.2.3 pkg v. 2.2.1

I keep getting the following error when trying to start Snort, just like others have stated[1,2]:

Code:
/usr/local/bin/snort
/libexec/ld-elf.so.1: /usr/local/lib/libdnet.1: unsupported file layout

It would help if, when starting from the GUI, it would log this error. All I get is:

Code:
Jun 16 21:06:55 SnortStartup[16291]: Interface Rule START for 0_14987_em1...
Jun 16 21:06:54 SnortStartup[10750]: Toggle for 14987_em1...
Jun 16 21:03:35 SnortStartup[50953]: Interface Rule START for 0_14987_em1...
Jun 16 21:03:35 SnortStartup[45644]: Toggle for 14987_em1...
Jun 16 21:02:27 SnortStartup[36940]: Interface Rule START for 0_14987_em1...
Jun 16 21:02:27 SnortStartup[30983]: Toggle for 14987_em1...

In the system log.

Luckily I read this thread[1,2] and tried starting Snort from the terminal and got the error above.

Note that Snort was [re]installed a few times before I saw [1,2], but I kept getting those messages in the system log.

[1] http://forum.pfsense.org/index.php/topic,50301.0.html
[2] http://forum.pfsense.org/index.php/topic,50301.msg268889.html#msg268889

2
Packages / Snort using PulledPork?
« on: February 10, 2012, 09:58:11 am »
Does Snort currently use PulledPork? If not, are there any plans to start using PulledPork?

I ask because of this: http://blog.snort.org/2012/01/importance-of-pulledpork.html

Thanks

3
pfSense: 2.0.1-RELEASE (amd64)  Snort: 2.9.1 pkg v. 2.1.1

All was working fine before I did the following. I made a couple of changes in Services -> DHCP server [changed some static info] and afterwards Snort restarted itself. A few minutes later I went to check on the Alerts and Blocked tabs in Services -> Snort, but I cannot view the page with the relevant info; I just get a blank page.

I tried a reboot, but still the same. So looked through some of the logs and found this in /tmp/PHP_errors.log:

Code:
[07-Feb-2012 12:22:32] PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 71 bytes) in /usr/local/www/snort/snort_alerts.php on line 380
[07-Feb-2012 12:22:40] PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 71 bytes) in /usr/local/www/snort/snort_blocked.php on line 298
[07-Feb-2012 13:06:33] PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 352 bytes) in /usr/local/www/snort/snort_blocked.php on line 298
[07-Feb-2012 13:15:58] PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 557 bytes) in /usr/local/www/snort/snort_alerts.php on line 380
Get the above whenever trying to view the Snort Alerts and Blocked info.

How can this be fixed?

Thanks

4
Packages / Snort: DynamicPlugin: Rule...rule will not be used.
« on: January 02, 2012, 11:31:17 pm »
pfSense: 2.0.1-RELEASE (amd64) Snort: 2.9.1 pkg v. 2.0.2

I get these messages when Snort starts [for example]:

Jan 3 00:00:00   snort[45448]: DynamicPlugin: Rule [3:19187] not enabled in configuration, rule will not be used.
Jan 3 00:00:00   snort[45448]: DynamicPlugin: Rule [3:19187] not enabled in configuration, rule will not be used.
Jan 3 00:00:00   snort[45448]: DynamicPlugin: Rule [3:8351] not enabled in configuration, rule will not be used.
Jan 3 00:00:00   snort[45448]: DynamicPlugin: Rule [3:8351] not enabled in configuration, rule will not be used.

I get much more than that, in the ~100s. What do these mean and how can I fix this? I searched around but did not find anything useful.

EDIT: Is Snort just telling me that the rules that are not enabled are not going to be used?

5
Packages / [Solved] Can not view lightsquid report
« on: December 29, 2011, 06:41:07 am »
Get the following:

LigthSquid diagnostic.
Error : report folder '/var/lightsquid/report' not contain any valid data! Please run lightparser.pl (and check 'report' folder content)
Please check config file !
Variable   value
$tplpatph   /usr/local/www/lightsquid/tpl
$templatename   base
$langpatph   /usr/local/share/lightsquid/lang
$langname   eng
$reportpath   /var/lightsquid/report
Access to '/var/lightsquid/report' folder   yes
$graphreport   1
folder content:

I have done 'Refresh now' and 'Refresh full' several times, but still get no report. Also tried what jimp suggested in this post:
http://forum.pfsense.org/index.php/topic,38442.msg198861.html#msg198861

And reinstalling lightsquid several times. But still don't see a report. What am I missing?

Squid settings:

Proxy interface: LAN, OPT1
Allow users on interface: checked off
Transparent proxy: checked off
Enabled logging: checked off
Log store directory: /var/squid/log
Proxy port: 3128
Visible hostname: localhost
Administrator email: admin@localhost   
Language: English
Disable X-Forward: checked off
Disable VIA: checked off
What to do with requests that have whitespace characters in the URI: strip
Suppress Squid Version: checked off

6
Hardware / New build
« on: December 22, 2011, 10:44:23 am »
Just finished a new pfSense build with the following components:

Foxconn H67S: http://www.newegg.com/Product/Product.aspx?Item=N82E16813186211

Intel Celeron G530 Sandy Bridge: http://www.newegg.com/Product/Product.aspx?Item=N82E16819116409

Mushkin Enhanced Essentials 4GB (2 x 2GB): http://www.newegg.com/Product/Product.aspx?Item=N82E16820146748

IBM / Intel PRO/1000 PT Dual Port Gigabit NIC Adapter PCI-E: http://www.ebay.com/itm/350513539530

SilverStone SG06B: http://www.amazon.com/gp/product/B002M78KYW/ref=oh_o01_s00_i00_details

Hard drive: used an old laptop hard drive I had lying around.

Total came to ~$310. I could have saved some money by going with a cheaper case. But the SG06 is a very nice looking case, comes with a decent power supply and is easy to build with. Had no trouble with install and setup, working great so far.

Uses ~30 watts; this is using powerd. With a better power supply, power consumption should be lower. Maybe later on, I will try with a pico power supply. Pico power supplies should bring power consumption down. But a good pico power supply setup is costly and would only save ~10 watts, to bring power consumption down into the ~20 watt range. Not sure if the cost is worth it for the small savings in power consumption.

Maybe this will help others, when considering a new build.
