0003302: Fail to initialize and update Snort

(0005130)
lorenzo-endian (manager)
2010-11-16 09:30

Hi ytech,

Are you sure that the problem is not the same as this one?

http://bugs.endian.com/view.php?id=3295 [^]

Thanks in advance!

Lo

(0005136)
ytech (reporter)
2010-11-16 13:09

Hi Lo,
I also saw this bug code but just today gmar_87 has inserted the same comments that is the same problem that i m having.

(0005138)
lorenzo-endian (manager)
2010-11-16 14:38

Hi ytec,

while waiting for a definitive solution, here is a workaround:

http://bugs.endian.com/view.php?id=3292 [^]

Thanks

Lo

(0005141)
lorenzo-endian (manager)
2010-11-16 16:30

Hello ytech,

there are new rules available on Emerging Threats, which run fine for me.

Please donwload them using the "Automatically fetch SNORT rules" flag.

Thanks for a feedback!

Lo

(0005143)
ytech (reporter)
2010-11-16 17:43

Lo
Thanks but the same error appears

An error occured while starting SNORT! Please check the logs for further information

and at the system log:

Nov 16 15:41:42 snort[32486] Initializing rule chains...
Nov 16 15:41:42 snort[32486] Warning: /etc/snort/processed.rules(30) => threshold (in rule) is deprecated; use detection_filter instead.
Nov 16 15:41:47 snort[32486] FATAL ERROR: /etc/snort/processed.rules(6637): Couldn't resolve hostname 208.73.210.74.52

(0005144)
pwizard (reporter)
2010-11-17 01:39

Hello ytech,
The same problem.

(0005151)
lorenzo-endian (manager)
2010-11-17 11:09

Hi ytech and pwizard,

are you using the Automatically fetch SNORT rules" flag?

Other users who were experiencing the same problem solved it with this trick...

(0005155)
ytech (reporter)
2010-11-17 16:02

Hello Lo.

I solve the problem doing these steps bellow :

1- Turno off the IDS at the web menu and/or and command line.
2- Download mannualy the latest rules.
3- Turn on the service trought the web painel without mark the flag to automatically fech the rules.
4- Import the rule downloaded at the step 2.
5- Reboot the firewall.
6- Mark the flag to fech automatically and click down to upgrade and restart.

I could repeat these steps to have sure that the things will work.

Just one extra bug. everything at the proxy, ids and firewall tabs that i change when i apply it appears for infite time for exemple "IDS Service is restarting" and other services with the related messages. I think that is only a problem at the frontend because the services, rules and others are applied.

(0005157)
ardit-endian (developer)
2010-11-18 10:34
edited on: 2010-11-18 10:34

FATAL ERROR: /etc/snort/processed.rules(11) => 'fast_pattern' does not take an argument (reported 2 times until now with the last snort update)

(0005158)
lorenzo-endian (manager)
2010-11-18 11:12

hi ardit,

i have completed now the update using the "automatic fetch rules" feature and snort restarts without errors.

Are you still using the tar.gz downloaded from emergingthreats?

thanks a lot

Lo

(0005159)
ardit-endian (developer)
2010-11-18 11:17

Yes , can you release the update with the correct rules for the 2.3-1 also?

Regards.

(0005163)
lorenzo-endian (manager)
2010-11-19 14:37

Hi ytech,

we released this week an update which solve this problem even for the 2.3.1.

Please feel free to open another ticket if the problem arises again.

Thanks a lot!

Lo

Notes
(0005130) lorenzo-endian (manager) 2010-11-16 09:30	Hi ytech, Are you sure that the problem is not the same as this one? http://bugs.endian.com/view.php?id=3295 [^] Thanks in advance! Lo

(0005136) ytech (reporter) 2010-11-16 13:09	Hi Lo, I also saw this bug code but just today gmar_87 has inserted the same comments that is the same problem that i m having.

(0005138) lorenzo-endian (manager) 2010-11-16 14:38	Hi ytec, while waiting for a definitive solution, here is a workaround: http://bugs.endian.com/view.php?id=3292 [^] Thanks Lo

(0005141) lorenzo-endian (manager) 2010-11-16 16:30	Hello ytech, there are new rules available on Emerging Threats, which run fine for me. Please donwload them using the "Automatically fetch SNORT rules" flag. Thanks for a feedback! Lo

(0005143) ytech (reporter) 2010-11-16 17:43	Lo Thanks but the same error appears An error occured while starting SNORT! Please check the logs for further information and at the system log: Nov 16 15:41:42 snort[32486] Initializing rule chains... Nov 16 15:41:42 snort[32486] Warning: /etc/snort/processed.rules(30) => threshold (in rule) is deprecated; use detection_filter instead. Nov 16 15:41:47 snort[32486] FATAL ERROR: /etc/snort/processed.rules(6637): Couldn't resolve hostname 208.73.210.74.52

(0005144) pwizard (reporter) 2010-11-17 01:39	Hello ytech, The same problem.

(0005151) lorenzo-endian (manager) 2010-11-17 11:09	Hi ytech and pwizard, are you using the Automatically fetch SNORT rules" flag? Other users who were experiencing the same problem solved it with this trick...

(0005155) ytech (reporter) 2010-11-17 16:02	Hello Lo. I solve the problem doing these steps bellow : 1- Turno off the IDS at the web menu and/or and command line. 2- Download mannualy the latest rules. 3- Turn on the service trought the web painel without mark the flag to automatically fech the rules. 4- Import the rule downloaded at the step 2. 5- Reboot the firewall. 6- Mark the flag to fech automatically and click down to upgrade and restart. I could repeat these steps to have sure that the things will work. Just one extra bug. everything at the proxy, ids and firewall tabs that i change when i apply it appears for infite time for exemple "IDS Service is restarting" and other services with the related messages. I think that is only a problem at the frontend because the services, rules and others are applied.

(0005157) ardit-endian (developer) 2010-11-18 10:34 edited on: 2010-11-18 10:34	FATAL ERROR: /etc/snort/processed.rules(11) => 'fast_pattern' does not take an argument (reported 2 times until now with the last snort update)

(0005158) lorenzo-endian (manager) 2010-11-18 11:12	hi ardit, i have completed now the update using the "automatic fetch rules" feature and snort restarts without errors. Are you still using the tar.gz downloaded from emergingthreats? thanks a lot Lo

(0005159) ardit-endian (developer) 2010-11-18 11:17	Yes , can you release the update with the correct rules for the 2.3-1 also? Regards.

(0005163) lorenzo-endian (manager) 2010-11-19 14:37	Hi ytech, we released this week an update which solve this problem even for the 2.3.1. Please feel free to open another ticket if the problem arises again. Thanks a lot! Lo

Issue History
Date Modified	Username	Field	Change
2010-11-16 02:12	ytech	New Issue
2010-11-16 09:30	lorenzo-endian	Note Added: 0005130
2010-11-16 09:30	lorenzo-endian	Assigned To	=> lorenzo-endian
2010-11-16 09:30	lorenzo-endian	Status	new => feedback
2010-11-16 13:09	ytech	Note Added: 0005136
2010-11-16 14:38	lorenzo-endian	Note Added: 0005138
2010-11-16 14:38	lorenzo-endian	Relationship added	duplicate of 0003292
2010-11-16 16:30	lorenzo-endian	Note Added: 0005141
2010-11-16 17:43	ytech	Note Added: 0005143
2010-11-17 01:39	pwizard	Note Added: 0005144
2010-11-17 11:09	lorenzo-endian	Note Added: 0005151
2010-11-17 16:02	ytech	Note Added: 0005155
2010-11-18 10:34	ardit-endian	Note Added: 0005157
2010-11-18 10:34	ardit-endian	Note Edited: 0005157
2010-11-18 11:12	lorenzo-endian	Note Added: 0005158
2010-11-18 11:17	ardit-endian	Note Added: 0005159
2010-11-19 14:37	lorenzo-endian	Note Added: 0005163
2010-11-19 14:37	lorenzo-endian	Status	feedback => closed
2010-11-19 14:37	lorenzo-endian	Resolution	open => fixed
2010-11-19 14:37	lorenzo-endian	Fixed in Version	=> 2.4.1

Please see now our new Bugtracker system: JIRA