Bug #9546
closed
Snort fails to load/start with host_attribute_table
0%
Description
Using the PfSense gui to load and import an attribute table will cause Snort to error on startup. It will not start.
Previous troubleshooting done included running my hosts.xml against the DTD provided by snort.org, trying the same host.xml file on Snort installs on both Ubuntu and FreeBSD 12 (which both worked fine with the snort -Tv test command.)
It seems to be an issue with how php in the gui handle the file.
Updated by Bill Meeks almost 5 years ago
This issue is fixed in the upcoming snort-2.9.13_1 package that will be available for pfSense-2.5-DEVEL in the near future.
The problem was actually within the Snort binary and was caused by the Poudriere builder environment using the older yacc instead of the newer bison program when building the code files that provide Host Attribute Table support in Snort.
The fix is to modify the USES= line in the Snort port Makefile to add bison as a requirement.
Updated by Bill Meeks almost 5 years ago
This issue is now fixed in both the RELEASE and DEVEL branches of pfSense. In pfSense 2.4.4.x the fixed package version is pfSense-pkg-snort-3.2.9.8_6, and on pfSense 2.5.x the fixed package version is pfSense-pkg-snort-4.0.
This issue can be closed.
Updated by