SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0003302: Fail to initialize and update Snort - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003302Endian FirewallIntrusion Preventionpublic2010-11-16 02:122010-11-19 14:37
Reporterytech 
Assigned Tolorenzo-endian 
PrioritynormalSeveritycrashReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.4 
Target VersionFixed in Version2.4.1 
Summary0003302: Fail to initialize and update Snort
DescriptionFail when we tried to intialize the snort after the upgrade to the 2.4.1 version.

It is giving the following error:

Nov 16 00:06:51 snort[19111] Warning: /etc/snort/processed.rules(30) => threshold (in rule) is deprecated; use detection_filter instead.
TagsNo tags attached.
Attached Files

- Relationships
duplicate of 0003292closedlorenzo-endian snort rules seem to prevent the launch of the IDS service 

-  Notes
(0005130)
lorenzo-endian (manager)
2010-11-16 09:30

Hi ytech,

Are you sure that the problem is not the same as this one?

http://bugs.endian.com/view.php?id=3295 [^]

Thanks in advance!

Lo
(0005136)
ytech (reporter)
2010-11-16 13:09

Hi Lo,
I also saw this bug code but just today gmar_87 has inserted the same comments that is the same problem that i m having.
(0005138)
lorenzo-endian (manager)
2010-11-16 14:38

Hi ytec,

while waiting for a definitive solution, here is a workaround:

http://bugs.endian.com/view.php?id=3292 [^]

Thanks

Lo
(0005141)
lorenzo-endian (manager)
2010-11-16 16:30

Hello ytech,

there are new rules available on Emerging Threats, which run fine for me.

Please donwload them using the "Automatically fetch SNORT rules" flag.

Thanks for a feedback!

Lo
(0005143)
ytech (reporter)
2010-11-16 17:43

Lo
Thanks but the same error appears

An error occured while starting SNORT! Please check the logs for further information

and at the system log:

Nov 16 15:41:42 snort[32486] Initializing rule chains...
Nov 16 15:41:42 snort[32486] Warning: /etc/snort/processed.rules(30) => threshold (in rule) is deprecated; use detection_filter instead.
Nov 16 15:41:47 snort[32486] FATAL ERROR: /etc/snort/processed.rules(6637): Couldn't resolve hostname 208.73.210.74.52
(0005144)
pwizard (reporter)
2010-11-17 01:39

Hello ytech,
The same problem.
(0005151)
lorenzo-endian (manager)
2010-11-17 11:09

Hi ytech and pwizard,

are you using the Automatically fetch SNORT rules" flag?

Other users who were experiencing the same problem solved it with this trick...
(0005155)
ytech (reporter)
2010-11-17 16:02

Hello Lo.

I solve the problem doing these steps bellow :

1- Turno off the IDS at the web menu and/or and command line.
2- Download mannualy the latest rules.
3- Turn on the service trought the web painel without mark the flag to automatically fech the rules.
4- Import the rule downloaded at the step 2.
5- Reboot the firewall.
6- Mark the flag to fech automatically and click down to upgrade and restart.

I could repeat these steps to have sure that the things will work.


Just one extra bug. everything at the proxy, ids and firewall tabs that i change when i apply it appears for infite time for exemple "IDS Service is restarting" and other services with the related messages. I think that is only a problem at the frontend because the services, rules and others are applied.
(0005157)
ardit-endian (developer)
2010-11-18 10:34
edited on: 2010-11-18 10:34

FATAL ERROR: /etc/snort/processed.rules(11) => 'fast_pattern' does not take an argument (reported 2 times until now with the last snort update)

(0005158)
lorenzo-endian (manager)
2010-11-18 11:12

hi ardit,

i have completed now the update using the "automatic fetch rules" feature and snort restarts without errors.

Are you still using the tar.gz downloaded from emergingthreats?

thanks a lot

Lo
(0005159)
ardit-endian (developer)
2010-11-18 11:17

Yes , can you release the update with the correct rules for the 2.3-1 also?

Regards.
(0005163)
lorenzo-endian (manager)
2010-11-19 14:37

Hi ytech,

we released this week an update which solve this problem even for the 2.3.1.

Please feel free to open another ticket if the problem arises again.

Thanks a lot!

Lo

- Issue History
Date Modified Username Field Change
2010-11-16 02:12 ytech New Issue
2010-11-16 09:30 lorenzo-endian Note Added: 0005130
2010-11-16 09:30 lorenzo-endian Assigned To => lorenzo-endian
2010-11-16 09:30 lorenzo-endian Status new => feedback
2010-11-16 13:09 ytech Note Added: 0005136
2010-11-16 14:38 lorenzo-endian Note Added: 0005138
2010-11-16 14:38 lorenzo-endian Relationship added duplicate of 0003292
2010-11-16 16:30 lorenzo-endian Note Added: 0005141
2010-11-16 17:43 ytech Note Added: 0005143
2010-11-17 01:39 pwizard Note Added: 0005144
2010-11-17 11:09 lorenzo-endian Note Added: 0005151
2010-11-17 16:02 ytech Note Added: 0005155
2010-11-18 10:34 ardit-endian Note Added: 0005157
2010-11-18 10:34 ardit-endian Note Edited: 0005157
2010-11-18 11:12 lorenzo-endian Note Added: 0005158
2010-11-18 11:17 ardit-endian Note Added: 0005159
2010-11-19 14:37 lorenzo-endian Note Added: 0005163
2010-11-19 14:37 lorenzo-endian Status feedback => closed
2010-11-19 14:37 lorenzo-endian Resolution open => fixed
2010-11-19 14:37 lorenzo-endian Fixed in Version => 2.4.1

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker