The issue is that snort is managed by the system.
It should be managed by packetfence.
First disable snort
On Redhat/Centos
chkconfig --del snortd
Debian
update-rc.d snort disable
There also seems to be an issue with perl Moose.
Run the following to find the version
Redhat/Centos
rpm -q perl-Moose
Debian
dpkg -l libmoose-perl
It should be 2.1005 or less.
If not, run the following.
Redhat/Centos
yum downgrade perl-Moose-2.1005
Debian
This is not an issue on Debian.
Let me know if this helps.
James Rouzier
[email protected] :: +1.514.755.3630 :: http://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://www.packetfence.org)
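
The two checks from this thread as a script (an added example, not part of the original message or of PacketFence): it compares a perl-Moose version against the 2.1005 limit given above and lists the services that a "service|shouldBeStarted|pid" table, like the one quoted later in the thread, marks as expected but without a PID. The function names, the decimal version comparison and the rpm query format are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not PacketFence commands.
MOOSE_MAX="2.1005"   # limit stated in the message above

# moose_ok VERSION: succeed when VERSION is at or below MOOSE_MAX.
# Assumption: Moose versions are decimal numbers, so compare numerically.
moose_ok() {
    v=${1%%-*}   # drop a package release suffix such as "-1.el6"
    awk -v v="$v" -v max="$MOOSE_MAX" 'BEGIN { exit !(v + 0 <= max + 0) }'
}

# stalled_services: read a "service|shouldBeStarted|pid" table on stdin and
# print every service that should be started but is reported with pid 0.
stalled_services() {
    awk -F'|' '$2 == "1" && $3 == "0" { print $1 }'
}

# Constructed sample: rows taken from the status table quoted in this thread.
SAMPLE_STATUS='service|shouldBeStarted|pid
memcached|1|16013
httpd.proxy|0|0
pfdetect|1|16101
snort|1|0
suricata||0
radiusd|1|0
pfdhcplistener|1|16138 16139 16140'

# check_host: run both checks on a live Red Hat/CentOS box (needs rpm, pfcmd).
# pfcmd warnings on stderr are discarded so only the table is parsed.
check_host() {
    ver=$(rpm -q --qf '%{VERSION}' perl-Moose) || return 1
    moose_ok "$ver" || echo "perl-Moose $ver is newer than $MOOSE_MAX"
    /usr/local/pf/bin/pfcmd service pf status 2>/dev/null | stalled_services
}

# Stand-alone run: report the stalled services in the constructed sample.
printf '%s\n' "$SAMPLE_STATUS" | stalled_services
```

On a PacketFence host, call check_host instead of the sample line at the end.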
On 2/6/2014, 11:43 AM, sampath jayashantha wrote:
Dear James,
Please find the requested output.
[root@localhost ~]# /usr/sbin/service snortd status
-bash: /usr/sbin/service: No such file or directory
[root@localhost ~]# service snortd status
snort (pid 15457) is running...
[root@localhost ~]#
[root@localhost ~]# /usr/local/pf/bin/pfcmd service snortd status
Class::MOP::load_class is deprecated at
/usr/lib64/perl5/vendor_perl/Class/MOP.pm line 76.
Class::MOP::load_class("Cache::Memcached") called at
/usr/share/perl5/vendor_perl/CHI/Driver/Memcached/Base.pm line 37
CHI::Driver::Memcached::Base::_build_contained_cache(CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches=HASH(0x343a0f0))
called at /usr/share/perl5/vendor_perl/CHI/Driver/Memcached/Base.pm
line 29
CHI::Driver::Memcached::Base::BUILD(CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches=HASH(0x343a0f0),
HASH(0x3430348)) called at (eval 367) line 17
CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches::BUILDALL(CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches=HASH(0x343a0f0),
HASH(0x3430348)) called at /usr/share/perl5/vendor_perl/Moo/Object.pm
line 52
Moo::Object::BUILDALL(CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches=HASH(0x343a0f0),
HASH(0x3430348)) called at
/usr/lib64/perl5/vendor_perl/Moose/Meta/Class.pm line 285
Moose::Meta::Class::new_object(Moose::Meta::Class=HASH(0x3439f40),
HASH(0x3430348)) called at
/usr/lib64/perl5/vendor_perl/Moose/Object.pm line 30
Moose::Object::new("CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__A"...,
"chi_root_class", "pf::CHI", "driver_class", "CHI::Driver::Memcached",
"namespace", "configfiles", "global", 1, ...) called at constructor
CHI::Driver::Memcached::new (defined at
/usr/share/perl5/vendor_perl/CHI/Driver/Memcached.pm line 13) line 4
CHI::Driver::Memcached::new("CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__A"...,
"chi_root_class", "pf::CHI", "driver_class", "CHI::Driver::Memcached",
"namespace", "configfiles", "global", 1, ...) called at (eval 366) line 41
CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches::new("CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__A"...,
"chi_root_class", "pf::CHI", "driver_class", "CHI::Driver::Memcached",
"namespace", "configfiles", "global", 1, ...) called at
/usr/share/perl5/vendor_perl/CHI.pm line 151
CHI::new("pf::CHI", "namespace", "configfiles") called at /usr/local/pf/lib/pf/config/cached.pm line 748
pf::config::cached::_cache("pf::config::cached") called at /usr/local/pf/lib/pf/config/cached.pm line 736
pf::config::cached::cache("pf::config::cached") called at /usr/local/pf/lib/pf/config/cached.pm line 720
pf::config::cached::computeFromPath("pf::config::cached", "/usr/local/pf/conf/documentation.conf", CODE(0x33fdf38)) called at /usr/local/pf/lib/pf/config/cached.pm line 376
pf::config::cached::new("pf::config::cached", "-file", "/usr/local/pf/conf/documentation.conf", "-allowempty", 1, "-onreload", ARRAY(0x33fde60)) called at /usr/local/pf/lib/pf/config.pm line 451
pf::config::readPfDocConfigFiles() called at /usr/local/pf/lib/pf/config.pm line 378
pf::config::init_config() called at /usr/local/pf/lib/pf/config.pm line 358
pf::config::__ANON__() called at /usr/share/perl5/vendor_perl/Try/Tiny.pm line 76
eval {...} called at /usr/share/perl5/vendor_perl/Try/Tiny.pm line 67
Try::Tiny::try(CODE(0x3399618), Try::Tiny::Catch=REF(0x2fa8660)) called at /usr/local/pf/lib/pf/config.pm line 362
require pf/config.pm called at /usr/local/pf/bin/pfcmd.pl line 81
main::BEGIN() called at /usr/local/pf/lib/pf/config.pm line 0
eval {...} called at /usr/local/pf/lib/pf/config.pm line 0
Usage: pfcmd service <service> [start|stop|restart|status|watch]
stop/stop/restart specified service
status returns PID of specified PF daemon or 0 if not running
watch acts as a service watcher which can send email/restart the services
Services managed by PacketFence:
dhcpd | dhcpd daemon
httpd.webservices| Apache Webservices
httpd.admin | Apache Web admin
httpd.portal | Apache Captive Portal
httpd.proxy | Apache Proxy Interception
pf | all services that should be running based on your config
pfdetect | PF snort alert parser
pfdhcplistener | PF DHCP monitoring daemon
pfdns | DNS daemon
pfmon | PF ARP monitoring daemon
pfsetvlan | PF VLAN isolation daemon
radiusd | FreeRADIUS daemon
snmptrapd | SNMP trap receiver daemon
snort | Sourcefire Snort IDS
suricata | Suricata IDS
watch
Watch performs services checks to make sure that everything is fine. It's
behavior is controlled by servicewatch configuration parameters. watch is
typically best called from cron with something like:
*/5 * * * * /usr/local/pf/bin/pfcmd service pf watch
On Thu, Feb 6, 2014 at 9:36 PM, James Rouzier <[email protected]> wrote:
sampath,
Can you run the following commands and send me the output
/usr/sbin/service snortd status
/usr/local/pf/bin/pfcmd service snortd status
James
On 2/6/2014, 12:39 AM, sampath jayashantha wrote:
Sorry James,
My mistake. Patching done successfully. When I start packetfence
I can see that snort is running with the command service snortd status.
But the packetfence status shows it as
service|shouldBeStarted|pid
memcached|1|16013
httpd.admin|1|16023
httpd.webservices|1|16046
httpd.portal|1|16063
httpd.proxy|0|0
pfdns|1|16093
dhcpd|1|16096
pfdetect|1|16101
snort|1|0
suricata||0
radiusd|1|0
snmptrapd|1|16112
pfsetvlan|1|16116
pfdhcplistener|1|16138 16139 16140
pfmon|1|16165
Is it normal?
On Wed, Feb 5, 2014 at 4:51 PM, sampath jayashantha <[email protected]> wrote:
Any update regarding this issue? I'm also having the same
issue with my packetfence box.
service|shouldBeStarted|pid
memcached|1|11287
httpd.admin|1|11297
httpd.webservices|1|11340
httpd.portal|1|11357
httpd.proxy|0|0
pfdns|1|11387
dhcpd|1|11390
pfdetect|1|11395
snort|0|0
suricata|0|0
radiusd|1|0
snmptrapd|1|11400
pfsetvlan|1|11404
pfdhcplistener|1|11427 11428 11429
pfmon|1|11468
How to enable it? Any clue?
On Tue, Jan 28, 2014 at 8:44 PM, Carlos Alonso <[email protected]> wrote:
Thank you for your help. These are the answers to your
questions
> Can you post your pf.conf, did you set a monitor interface?
>
> Fabrice
Yes I did. The inline interface is also the monitor interface. This is what
I did in PF3.6 and it worked perfectly.
Is this not possible in PF4.1? I have not upgraded, it is a new
installation though.
XXXX means hidden for security
[general]
domain=XXXX
hostname=nac
dnsservers=XXXX
dhcpservers=192.168.18.1,192.168.19.1,192.168.20.1
locale=es_ES
timezone=Europe/Madrid
[trapping]
range=10.0.0.0/16, 192.68.0.0/16
detection=enabled
interception_proxy=enabled
[registration]
button_text=Registro
[alerting]
emailaddr=XXXX
smtpserver=XXXX
[database]
pass=XXXX
[captive_portal]
network_detection=disabled
[interface eth0.802]
ip= XXXX
type=management
mask=255.255.255.0
[interface eth0.818]
enforcement=inline
ip=192.168.18.1
type=internal,monitor
mask=255.255.255.0
[interface eth0.819]
enforcement=vlan
ip=192.168.19.1
type=internal
mask=255.255.255.0
[interface eth0.820]
enforcement=vlan
ip=192.168.20.1
type=internal
mask=255.255.255.0
> Can you see if Snort can start when you run it by hand?
>
> /usr/local/bin/snort -d -i eth1 -u root -g snort -c /etc/snort/snort.conf -l /var/log/snort
If I run it by hand it works:
>/usr/sbin/snort -d -i eth0.818 -u root -g snort -c /etc/snort/snort.conf -l /var/log/snort/
...
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.9.2.2 IPv6 GRE (Build 121)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
Copyright (C) 1998-2012 Sourcefire, Inc., et al.
Using libpcap version 1.3.0
Using PCRE version: 8.30 2012-02-04
Using ZLIB version: 1.2.7
Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.15 <Build 18>
Preprocessor Object: SF_SMTP (IPV6) Version 1.1 <Build 9>
Preprocessor Object: SF_REPUTATION (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_SSLPP (IPV6) Version 1.1 <Build 4>
Preprocessor Object: SF_IMAP (IPV6) Version 1.0 <Build 1>
Preprocessor Object: SF_DNP3 (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_SSH (IPV6) Version 1.1 <Build 3>
Preprocessor Object: SF_DCERPC2 (IPV6) Version 1.0 <Build 3>
Preprocessor Object: SF_SDF (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_DNS (IPV6) Version 1.1 <Build 4>
Preprocessor Object: SF_MODBUS (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_POP (IPV6) Version 1.0 <Build 1>
Preprocessor Object: SF_FTPTELNET (IPV6) Version 1.2 <Build 13>
Preprocessor Object: SF_GTP (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_SIP (IPV6) Version 1.1 <Build 1>
Commencing packet processing (pid=2481)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
..........................................................................................
There is always some one who know more Than us out there.
Wê Lïvê +ð §hårê : Wê Lðvê +ð §hårê
SAM