Author Topic: Snort won't start, or will it. <SOLVED>  (Read 7209 times)

Offline SomeSense

Re: Snort won't start, or will it. <SOLVED>
« Reply #15 on: August 09, 2015, 12:12:06 pm »
Anybody having this issue also have suricata installed and enabled on the wan interface?

Offline doktornotor

Re: Snort won't start, or will it. <SOLVED>
« Reply #16 on: August 09, 2015, 01:24:17 pm »
^and turning it off didn't solve the problem.  Still having issues w/ rebooting the firewall and the service not starting back up.

What do you mean exactly? How are you checking this? This is now started in background since it takes long to start, depending on HW and configuration.
Do NOT PM for help!

Offline SomeSense

Re: Snort won't start, or will it. <SOLVED>
« Reply #17 on: August 29, 2015, 08:40:24 pm »
I think I figured out how to fix the bug.  Go into "snort interfaces" and then "wan categories"

Turn off all the categories, then turn any one of them on (just one)... and save it.  Then if you go back into "snort interfaces" it will say the WAN is enabled.  After that, go back into the "wan categories" and turn on either all or whatever ones you want on, and it will stay enabled.

Offline Kenton

Re: Snort won't start, or will it. <SOLVED>
« Reply #18 on: December 31, 2017, 12:27:09 am »
I had this issue with pfSense 2.4.2 and had no luck fixing the issue with any of the suggestions. Though I do think I have now found out why the WAN interface went down.
As I had set up Snort previously, access to checkip.dyndns.org was noted in the Alerts tab. Enabling a suppression list for the following IP addresses seems to have corrected my connection issues.

suppress gen_id 1, sig_id 2014932, track by_src, ip 91.198.22.70
suppress gen_id 1, sig_id 2014932, track by_src, ip 216.146.38.70
suppress gen_id 1, sig_id 2014932, track by_src, ip 216.146.43.70
suppress gen_id 1, sig_id 2014932, track by_src, ip 216.146.43.71
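
An added example, not from the thread: a small checker for suppress entries in the form posted above, which validates each line and shows which alerts the list would silence, including that `track by_src` only matches when the listed address is the alert's source. The function names and the sample alerts are assumptions made for illustration.

```python
import ipaddress
import re

# The four entries from the post above, verbatim.
SUPPRESS_LIST = """\
suppress gen_id 1, sig_id 2014932, track by_src, ip 91.198.22.70
suppress gen_id 1, sig_id 2014932, track by_src, ip 216.146.38.70
suppress gen_id 1, sig_id 2014932, track by_src, ip 216.146.43.70
suppress gen_id 1, sig_id 2014932, track by_src, ip 216.146.43.71
"""

# gen_id and sig_id are required; "track ..., ip ..." is the optional address filter.
ENTRY_RE = re.compile(
    r"^suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)"
    r"(?:\s*,\s*track\s+(by_src|by_dst)\s*,\s*ip\s+(\S+))?$"
)

def parse_suppress(text):
    """Return (gen_id, sig_id, track, network) tuples; raise on a malformed line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: malformed suppress entry: {raw!r}")
        gid, sid, track, ip = m.groups()
        # ip_network accepts a single host or CIDR and rejects invalid addresses.
        net = ipaddress.ip_network(ip, strict=False) if ip else None
        entries.append((int(gid), int(sid), track, net))
    return entries

def is_suppressed(entries, gid, sid, src, dst):
    """True if an alert (gid, sid) with these addresses matches any entry."""
    for e_gid, e_sid, track, net in entries:
        if (e_gid, e_sid) != (gid, sid):
            continue
        if track is None:  # no address filter: the signature is silenced everywhere
            return True
        if ipaddress.ip_address(src if track == "by_src" else dst) in net:
            return True
    return False

if __name__ == "__main__":
    entries = parse_suppress(SUPPRESS_LIST)
    # Constructed alerts; 203.0.113.10 is a documentation address, not from the thread.
    print(is_suppressed(entries, 1, 2014932, "91.198.22.70", "203.0.113.10"))  # listed source
    print(is_suppressed(entries, 1, 2014932, "203.0.113.10", "91.198.22.70"))  # listed IP is destination
```

Running a check like this before pasting a list into the suppression editor catches typos in addresses, and makes it clear that the same signature firing from any other source still alerts.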