Thread Info
  • State Not Answered
  • Replies 17 replies
  • Subscribers 0 subscribers
  • Views 10941 views
  • Users 0 members are here
Options
Suggested

[9.000][OPEN] Snort restarting

wingman
Hi All

I recently had another restart of snort related to ipv6 ( IPv6 was not connecting so I disabled it and re enabled it and few seconds later,snort restarted)

fatal error log 

2012:07:13-21:21:26 ***** snort[318]: FATAL ERROR: /etc/snort/rules/astaro.rules(7738) Rule options must be enclosed in '(' and ')'.


Thanks
  • 0
    Can you quickly grep the confd.log and the middleware.log from that time to see if there are error messages too?

    Thanks,
    Kai
  • 0 in reply to kbr
    middleware log 

    2012:07:13-21:19:58 ******* middleware[3584]: >=========================================================================

    2012:07:13-21:19:58 ******* middleware[3584]: E Could not write to file /proc/sys/net/ipv6/conf/eth0/autoconf: No such file or directory

    2012:07:13-21:19:58 ******* middleware[3584]: 

    2012:07:13-21:19:58 ******* middleware[3584]:  1. utils::File::WriteFile:103() /utils/File.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  2. utils::File::Write:72() /utils/File.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  3. modules::Interface::Ethernet::configureIPv6RA:218() /modules/Interface/Ethernet.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  4. modules::Interface::EthPrimary::Finalize:116() /modules/Interface/EthPrimary.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  5. modules::Interface::EthPrimary::Start:101() /modules/Interface/EthPrimary.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  6. modules::interfaces::_doChanges:329() /modules/interfaces.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  7. modules::interfaces::setAll:304() /modules/interfaces.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  8. core::Config::load:278() /core/Config.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  9. main::top-level:221() mdw.pl

    2012:07:13-21:19:58 ******* middleware[3584]: |=========================================================================

    2012:07:13-21:19:58 ******* middleware[3584]: E Could not write to file /proc/sys/net/ipv6/conf/eth0/accept_ra_defrtr: No such file or directory

    2012:07:13-21:19:58 ******* middleware[3584]: 

    2012:07:13-21:19:58 ******* middleware[3584]:  1. utils::File::WriteFile:103() /utils/File.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  2. utils::File::Write:72() /utils/File.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  3. modules::Interface::Ethernet::configureIPv6RA:219() /modules/Interface/Ethernet.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  4. modules::Interface::EthPrimary::Finalize:116() /modules/Interface/EthPrimary.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  5. modules::Interface::EthPrimary::Start:101() /modules/Interface/EthPrimary.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  6. modules::interfaces::_doChanges:329() /modules/interfaces.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  7. modules::interfaces::setAll:304() /modules/interfaces.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  8. core::Config::load:278() /core/Config.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  9. main::top-level:221() mdw.pl

    2012:07:13-21:19:58 ******* middleware[3584]: |=========================================================================

    2012:07:13-21:19:58 ******* middleware[3584]: E Could not write to file /proc/sys/net/ipv6/conf/eth0/accept_ra: No such file or directory

    2012:07:13-21:19:58 ******* middleware[3584]: 

    2012:07:13-21:19:58 ******* middleware[3584]:  1. utils::File::WriteFile:103() /utils/File.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  2. utils::File::Write:72() /utils/File.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  3. modules::Interface::Ethernet::configureIPv6RA:221() /modules/Interface/Ethernet.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  4. modules::Interface::EthPrimary::Finalize:116() /modules/Interface/EthPrimary.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  5. modules::Interface::EthPrimary::Start:101() /modules/Interface/EthPrimary.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  6. modules::interfaces::_doChanges:329() /modules/interfaces.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  7. modules::interfaces::setAll:304() /modules/interfaces.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  8. core::Config::load:278() /core/Config.pm

    2012:07:13-21:19:58 ******* middleware[3584]:  9. main::top-level:221() mdw.pl


    no confd error logs [:)]
  • 0
    That looks promising. I'll get this to the developers on monday, so they'll have a look at this.

    Thanks for reporting!
    Kai
  • 0
    Thanks for reporting. We are now tracking this as Mantis ID #20297
  • 0
    Can you mail me your /var/chroot-snort/etc/snort/rules/astaro.rules file
    and the up2date log file from that day? Thanks!
  • 0
    Thanks for reporting. We are now tracking this as Mantis ID #22174
  • 0
    Thanks for the files! One more thing. Can you please check how many times this happened?


    cd /var/log/ips/2012/07
    zgrep FATAL *
  • 0
    It seems that it happens only once

    ***:/root # cd /var/log/ips/2012/07
    ****:/var/log/ips/2012/07 # zgrep FATAL *
    ips-2012-07-13.log.gz:2012:07:13-21:21:26 **** snort[318]: FATAL ERROR: /etc/snort/rules/astaro.rules(7738) Rule options must be enclosed in '(' and ')'.
Unfiltered HTML