Snort Rules Not Working

Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Snort Rules Not Working

1TUS
I believe my snort rules are broken or not loading properly. Below fatal error message is from the system log. I'm on v1.51 SP1. Any help or direction would be appreciated. Thanks.



Sun Feb  9 03:56:34 2020 daemon.crit dnsmasq[15900]: bad option at line 2 of /etc/ITUS_DNS.txt
Sun Feb  9 03:56:34 2020 daemon.crit dnsmasq[15900]: FAILED to start up
Sun Feb  9 03:56:34 2020 daemon.err snort[15899]: FATAL ERROR: /etc/snort/rules/snort.rules(4619) Rule options must be enclosed in '(' and ')'.
Sun Feb  9 03:56:39 2020 daemon.crit dnsmasq[15901]: bad option at line 2 of /etc/ITUS_DNS.txt
Sun Feb  9 03:56:39 2020 daemon.crit dnsmasq[15901]: FAILED to start up
Sun Feb  9 03:56:39 2020 daemon.info procd: Instance dnsmasq::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
Sun Feb  9 03:56:39 2020 daemon.notice snort[15902]: Enabling inline operation
Sun Feb  9 03:56:39 2020 daemon.notice snort[15902]: Found pid path directive (/var/snort/)
Sun Feb  9 03:56:39 2020 daemon.notice snort[15902]: Running in IDS mode
Reply | Threaded
Open this post in threaded view
|

Re: Snort Rules Not Working

user8446
Administrator
FYI the whole repo is on github: https://github.com/ItusShield


ITUS_DNS.txt appears to be blank so just clear it out and reboot. On your rules file there is just a bad syntax on whatever rule is on line 4619, just delete it.
Running in bridge mode, 1.51 SP1 fw
Reply | Threaded
Open this post in threaded view
|

Re: Snort Rules Not Working

1TUS
Thanks. I just reset the unit and re-installed updates again. Appears to be working fine now.