Snort not running after update 9.709-3

Hello Guys,

Since the last update to version 9.709-3 I regularly get an error sent from our SGM 115 stating "Snort not running".
This happens quite often. I searched in our logs and found under IPS something like:

Detection:
2022:04:06-14:09:29 astaro snort[2112]: Search-Method = AC-BNFA-Q
2022:04:06-14:09:29 astaro snort[2112]: Search-Method-Optimizations = enabled
2022:04:06-14:09:29 astaro snort[2112]: FATAL ERROR: /etc/snort//etc/snort/rules/astaro.rules(0) Unable to open rules file "/etc/snort//etc/snort/rules/astaro.rules": No such file or directory.
2022:04:06-14:09:35 astaro snort[2134]: Enabling inline operation
2022:04:06-14:09:35 astaro snort[2134]: Running in IDS mode
What is going on? How can I fix it?


  • Is IPS disabled or showing any issues in the log file for it besides what you posted? Are you doing any kind of direct database output for snort? 

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5

  • IPS itself is turned off; the only things in use are anti port scan and DoS / Flooding. No direct database output is configured.
    To be honest I don't even know how I could dump stuff to a database using UTM 9.

  • Hallo and welcome to the UTM Community!

    What result do you get from the following at the command line?

         ll /var/chroot-snort/etc/snort/rules/astaro.rules

    If there's something there, then I think Amodin hit the nail on the head by asking if IPS is disabled.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
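
The check asked for in the reply above, applied to the log lines from the question, as an added example that is not part of the thread and not Sophos tooling. The function names are hypothetical, and collapsing the doubled `/etc/snort//etc/snort/` prefix is an assumption about how to read the logged path; the chroot root defaults to the directory used in the `ll` command.

```shell
#!/bin/sh
# Constructed sample: IPS log lines as quoted in the question.
SAMPLE_LOG='2022:04:06-14:09:29 astaro snort[2112]: Search-Method = AC-BNFA-Q
2022:04:06-14:09:29 astaro snort[2112]: FATAL ERROR: /etc/snort//etc/snort/rules/astaro.rules(0) Unable to open rules file "/etc/snort//etc/snort/rules/astaro.rules": No such file or directory.
2022:04:06-14:09:35 astaro snort[2134]: Running in IDS mode'

# Print "timestamp path" for each fatal "Unable to open rules file" line on stdin.
missing_rules() {
    awk -F'"' '/snort\[[0-9]+\]: FATAL ERROR: .*Unable to open rules file/ {
        split($1, head, " "); print head[1], $2 }'
}

# If the path reads "<dir>/<dir>/rest" (a directory joined onto a path that
# already starts with it, as in the log), print "<dir>/rest"; else print it as is.
# Assumption: the doubled prefix is a path-joining artifact.
collapse_doubled_prefix() {
    case $1 in
        *//*) dir=${1%%//*}; rest=/${1#*//}
              case $rest in "$dir"/*) printf '%s\n' "$rest"; return ;; esac ;;
    esac
    printf '%s\n' "$1"
}

# Report whether the file exists below the chroot root ($2, optional).
check_in_chroot() {
    root=${2:-/var/chroot-snort}
    if [ -f "$root$1" ]; then echo "present $root$1"; else echo "missing $root$1"; fi
}

# Read a log on stdin and report every rules file snort could not open.
report() {
    missing_rules | while read -r ts path; do
        echo "$ts snort asked for: $path"
        check_in_chroot "$(collapse_doubled_prefix "$path")" "$1"
    done
}

printf '%s\n' "$SAMPLE_LOG" | report
```

On the appliance, feed the IPS log to `report` on stdin instead of the sample.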