Network Protection: Firewall, NAT, QoS, & IPS IPS stopped to work - file too short

UTM Firewall requires membership for participation - click to join

Thread Info

Locked Locked
Replies 4 replies
Subscribers 5 subscribers
Views 1950 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS stopped to work - file too short

Daniel Huhardeaux over 2 years ago

Hi,

yesterday (sunday) at 3 am SNORT stopped to work with the result that internal nets couldn't reach Internet anymore. In the logs I found

FATAL ERROR: Failed to load /usr/lib/snort/so_rules//file-java.so: /usr/lib/snort/so_rules//file-java.so: file too short

Disabling IPS gave Internet back to local nets. No need to say that nothing was done at UTM level since weeks.

If someone had an idea on why does this suddenly happened, what does it mean, and finally how to solve it.

Thanks, Daniel

This thread was automatically locked due to age.

Parents

BAlfson over 2 years ago

Salü Daniel,

I found a similar one solved 7 months ago: https://community.sophos.com/utm-firewall/f/general-discussion/131375/solved-ips-blocks-all-network-traffic/483112#483112

You probably need to delete /var/chroot-snort/usr/lib/snort/so_rules/file-java.so instead of the one mentioned in the post by emmosophos.

Glieklich?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
Daniel Huhardeaux over 2 years ago in reply to BAlfson

Well, IPS can't update as Sophos repos are still not accessible in ipv6. How can this be true in 2022 specially from a IT company like Sophos !

Daniel
Cancel
Vote Up 0 Vote Down

Cancel
Amodin over 2 years ago in reply to Daniel Huhardeaux

I *think* it had something to do with repository accessibility depending on where in the world the UTM is located. Not making excuses, just stating what I believe the culprit was/is.

Redundancy is such a norm now, even for us home users. I have backups for my backups, lol.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Amodin over 2 years ago in reply to Daniel Huhardeaux

I *think* it had something to do with repository accessibility depending on where in the world the UTM is located. Not making excuses, just stating what I believe the culprit was/is.

Redundancy is such a norm now, even for us home users. I have backups for my backups, lol.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data