Hello Fabrice,

Seems to work properly, and I believe helps with pfdhcplistener as well.

The other snort issue with services.pm seems to be the daemon order in @ALL_SERVICES. I know I saw in an email some time ago that snort needs to start after pfdetect. For some reason on a "pfcmd service pf start" command, my snort hangs with the default order, but if I put snort last in the array, it seems to work better. When starting snort by itself (via pfcmd), pfdetect is auto started properly with the original ALL_SERVICES array order.

I guess a large difference between my installation and most others is that I'm using several real interfaces - I'm repurposing a Forescout box which has 8 ethernet interfaces, of which I'm using 6 - admin, production, registration, isolation, macdetect and snort monitor. Would you advise that I ignore all these interfaces and just trunk it on two or three like most people?

Thank you again,
Tim

On 5/30/13 2:33 PM, "Fabrice DURAND" <[email protected]> wrote:

>Good point
>https://github.com/inverse-inc/packetfence/commit/16e796fc7fc268176b723eda866b7a8811217453.patch
>
>Thanks
>
>On 2013-05-30 13:30, Palmer, Tim wrote:
>> Hi Fabrice,
>>
>> This patch certainly helps, but when I removed PF entirely and reinstalled, configurator failed to load the services screen because monitor_int isn't defined.
>>
>> Too simple?
>> 400 >> elsif ($daemon =~ "snort") { >> $pid = 0; >> + return if (! $monitor_int); >> if (-e "$install_dir/var/run/${daemon}_${monitor_int}.pid") {
>>
>> Tim
>>
>> On 5/30/13 11:32 AM, "Fabrice DURAND" <[email protected]> wrote:
>>
>>> Hello Tim,
>>> can you try this for the pid issue?
>>>
>>> https://github.com/inverse-inc/packetfence/commit/6c21c64b2e61a1a4d584565b8f8eeba999f84acb.patch
>>>
>>> Thanks
>>> Fabrice
>>>
>>> On 2013-05-29 17:33, Palmer, Tim wrote:
>>>> A fine day to all,
>>>>
>>>> I've had some problems with snort, and found two issues.
>>>> I have a hard time believing there wouldn't be others speaking up if these were real problems, so I'm suspecting they are related to my situation somehow, but I thought I would put them out there anyway just in case.
>>>>
>>>> PacketFence 4.0.1
>>>> CentOS 6.4
>>>> snort: snort.x86_64 1:2.9.1.2-1.el6 @PacketFence
>>>>
>>>> 1. snort not seen as running by pf, even when it is, with correct pf generated conf file and run parameters
>>>>     1. Cause pid file name being checked in services.pm line 349 doesn't match actual pid file name, which is "snort_${interface}.pid", not snort.pid
>>>>         1. I'm using eth5 for snort monitor so real pid file is snort_eth5.pid.
>>>>     2. Since I don't see an option to snort to set actual pid file name (and having the interface in the name could be helpful), I've done a horrible hack to services.pm
>>>> diff services.pm services.pm.dist >>>> 348,353c348,349 >>>> < #THP >>>> < if ($daemon eq 'snort'){ >>>> < if (-e >>>>"$install_dir/var/run/${daemon}_eth5.pid"){ >>>> < chomp( $pid = `cat >>>> $install_dir/var/run/${daemon}_eth5.pid`); >>>> < } >>>> < } elsif (-e >>>> "$install_dir/var/run/$daemon.pid") { >>>> --- >>>> > >>>> > if (-e >>>> "$install_dir/var/run/$daemon.pid") {
>>>>     3. Gets me running for now without chasing the proper way to get the active snort interface
>>>>
>>>> 2. Starting snort complains about "Use of uninitialized value in split at /usr/local/pf/lib/pf/services/snort.pm line 58."
>>>>     1. This seems to come from the defaults sub-hash being cleared and not repopulated in the class_set_defaults routine in violation_config.pm (line 114)
>>>>     2. When services/snort.pm attempts to split $Violation_Config{'defaults'}{'snort_rules'}, there's no there there, so producing the uninitialized value complaint, and the lack of rules included in var/conf/snort.conf
>>>>     3. Another ugly hack "fixes" this:
>>>> diff violation_config.pm violation_config.pm.dist >>>> 114,115c114 >>>> < my $default_values; >>>> < # my $default_values = delete >>>> $violations_conf{'defaults'} ; >>>> --- >>>> > my $default_values = delete >>>>$violations_conf{'defaults'} >>>> ;
>>>>
>>>> Again, I'm sure that somehow these being a problem are due to my setup and most certainly my "fixes" are ugly things that will likely break all kinds of things, but for the moment they let me get past these problems and on to more interesting issues.
>>>>
>>>> Thank you for your time,
>>>>
>>>> Tim Palmer
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
>>>> Get 100% visibility into your production application - at no cost.
>>>> Code-level diagnostics for performance bottlenecks with <2% overhead
>>>> Download for free and get started troubleshooting in minutes.
>>>> http://p.sf.net/sfu/appdyn_d2d_ap1
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>> --
>>> Fabrice Durand
>>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>> (http://packetfence.org)
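
Review bot: In the snort branch proposed in the 2013-05-30 13:30 message, the added `return if (! $monitor_int);` is a bare return, so the caller receives undef (or an empty list) rather than the `$pid = 0` assigned on the line just above it; `return $pid if (! $monitor_int);` keeps the "not running" result a defined number. The condition on the context line, `$daemon =~ "snort"`, is a pattern match and also accepts any daemon name that merely contains "snort"; `$daemon eq 'snort'` would match only the intended service.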
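
Review bot: In the services.pm diff from the original report, `eth5` is hard-coded in both the `-e` test and the `cat` path, so the running check only works on a host whose snort monitor interface happens to be eth5; build the name as `${daemon}_${interface}.pid` from the configured monitor interface instead. The pid is also obtained by running `cat` in backticks on an interpolated path; opening the file from Perl and accepting only a run of digits avoids the shell and keeps a malformed pid file from ending up in `$pid`.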
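
Review bot: In the violation_config.pm diff, line 114 now declares `my $default_values;` without assigning it, so every later use of `$default_values` in the routine sees undef, and with the `delete` commented out the `defaults` section stays in `%violations_conf`, where any code that iterates the hash will now encounter it alongside the real violation entries. If the aim is only to keep `defaults` readable for services/snort.pm, copy it without deleting (`my $default_values = $violations_conf{'defaults'};`) and skip that key wherever the hash is walked.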
