Discussion:
[pfSense] Snort rules problem
Carlos Vicente (Gmail)
2017-12-15 10:35:45 UTC
Permalink
Hi all,



Is anyone having problems with snort rules? Everything was working fine till
2 days ago when snort service stopped and returning errors, such as:



FATAL ERROR: /usr/local/etc/snort/snort_16397_em1/rules/snort.rules(1354)
Rule options must be enclosed in '(' and ')'.

WARNING: /usr/local/etc/snort/snort_16397_em1/rules/snort.rules(1353) appid
metadata "cisco_sla" unknown.

.



I have Snort 3.2.9.5_4 running on pfS 2.3.5



I did some troubleshooting: corrected the (several) errors in the file
"snort.rules" on the lines pointed in the logs, started the snort service
from "Status -> Services" (NOT from Services -> Snort) and the problem was
solved till the next scheduled rule update.



Thanks in advance.

Carlos Vicente

Continue reading on narkive:
Loading...