Dear James,
Thank you for the reply. I downgraded the perl Moose as you said, and
deleted snortd from chkconfig. Then I manually stopped snortd. After
that, I started snortd via packetfence. It seems like snortd is starting
with pf, but when I check the status via pf it says snort is not running.
When I checked it with the service command it says snort is running. A little bit of
confusion. It seems like pf is starting snort correctly, but it doesn't detect
the status of snort correctly. Am I right?
[root@localhost raddb]# service snortd status
snort is stopped
[root@localhost raddb]# rpm -q perl-Moose
perl-Moose-2.1005-1.of.el6.x86_64
[root@localhost raddb]# chkconfig --list snortd
service snortd supports chkconfig, but is not referenced in any runlevel
(run 'chkconfig --add snortd')
[root@localhost raddb]# /usr/local/pf/bin/pfcmd service snort status
service|shouldBeStarted|pid
snort|1|0
[root@localhost raddb]# /usr/local/pf/bin/pfcmd service snort start
service|command
memcached|already started
httpd.admin|already started
Checking configuration sanity...
WARNING - SCAN: The use of OpenVas as a scanning engine require to fill the
scan.openvas_configid field in pf.conf
pfdetect|already started
Spawning daemon child...
My daemon child 20487 lives...
Daemon parent exiting
snort|not started
[root@localhost raddb]# service snortd status
snort (pid 20487) is running...
[root@localhost raddb]#
On Fri, Feb 7, 2014 at 12:16 AM, James Rouzier <[email protected]> wrote:
> The issue is that snort is managed by the system.
>
> It should be managed by packetfence.
>
> First disable snort
>
> On Redhat/Centos
> chkconfig --del snortd
> Debian
> update-rc.d snort disable
>
> There also seems to be an issue with perl Moose.
> Run the following to find the version
>
> Redhat/Centos
> rpm -q perl-Moose
> Debian
> dpkg -l libmoose-perl
>
> It should be 2.1005 or less
>
> If not, run the following.
> Redhat/Centos
> yum downgrade perl-Moose-2.1005
> Debian
> This is not an issue on Debian
>
> Let me know if this helps.
>
>
>
>
> James [email protected] :: +1.514.755.3630 :: http://www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://www.packetfence.org)
>
> On 2/6/2014, 11:43 AM, sampath jayashantha wrote:
>
> Dear James,
>
> Please find the requested output.
>
> [root@localhost ~]# /usr/sbin/service snortd status
> -bash: /usr/sbin/service: No such file or directory
>
> [root@localhost ~]# service snortd status
> snort (pid 15457) is running...
> [root@localhost ~]#
>
>
> [root@localhost ~]# /usr/local/pf/bin/pfcmd service snortd status
> Class::MOP::load_class is deprecated at
> /usr/lib64/perl5/vendor_perl/Class/MOP.pm line 76.
> Class::MOP::load_class("Cache::Memcached") called at
> /usr/share/perl5/vendor_perl/CHI/Driver/Memcached/Base.pm line 37
>
> CHI::Driver::Memcached::Base::_build_contained_cache(CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches=HASH(0x343a0f0))
> called at /usr/share/perl5/vendor_perl/CHI/Driver/Memcached/Base.pm line 29
>
> CHI::Driver::Memcached::Base::BUILD(CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches=HASH(0x343a0f0),
> HASH(0x3430348)) called at (eval 367) line 17
>
> CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches::BUILDALL(CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches=HASH(0x343a0f0),
> HASH(0x3430348)) called at /usr/share/perl5/vendor_perl/Moo/Object.pm line
> 52
>
> Moo::Object::BUILDALL(CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches=HASH(0x343a0f0),
> HASH(0x3430348)) called at /usr/lib64/perl5/vendor_perl/Moose/Meta/Class.pm
> line 285
> Moose::Meta::Class::new_object(Moose::Meta::Class=HASH(0x3439f40),
> HASH(0x3430348)) called at /usr/lib64/perl5/vendor_perl/Moose/Object.pm
> line 30
>
> Moose::Object::new("CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__A"...,
> "chi_root_class", "pf::CHI", "driver_class", "CHI::Driver::Memcached",
> "namespace", "configfiles", "global", 1, ...) called at constructor
> CHI::Driver::Memcached::new (defined at
> /usr/share/perl5/vendor_perl/CHI/Driver/Memcached.pm line 13) line 4
>
> CHI::Driver::Memcached::new("CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__A"...,
> "chi_root_class", "pf::CHI", "driver_class", "CHI::Driver::Memcached",
> "namespace", "configfiles", "global", 1, ...) called at (eval 366) line 41
>
> CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__AND__CHI::Driver::Role::HasSubcaches::new("CHI::Driver::Memcached__WITH__CHI::Driver::Role::Universal__A"...,
> "chi_root_class", "pf::CHI", "driver_class", "CHI::Driver::Memcached",
> "namespace", "configfiles", "global", 1, ...) called at
> /usr/share/perl5/vendor_perl/CHI.pm line 151
> CHI::new("pf::CHI", "namespace", "configfiles") called at
> /usr/local/pf/lib/pf/config/cached.pm line 748
> pf::config::cached::_cache("pf::config::cached") called at
> /usr/local/pf/lib/pf/config/cached.pm line 736
> pf::config::cached::cache("pf::config::cached") called at
> /usr/local/pf/lib/pf/config/cached.pm line 720
> pf::config::cached::computeFromPath("pf::config::cached",
> "/usr/local/pf/conf/documentation.conf", CODE(0x33fdf38)) called at
> /usr/local/pf/lib/pf/config/cached.pm line 376
> pf::config::cached::new("pf::config::cached", "-file",
> "/usr/local/pf/conf/documentation.conf", "-allowempty", 1, "-onreload",
> ARRAY(0x33fde60)) called at /usr/local/pf/lib/pf/config.pm line 451
> pf::config::readPfDocConfigFiles() called at /usr/local/pf/lib/pf/
> config.pm line 378
> pf::config::init_config() called at
> /usr/local/pf/lib/pf/config.pmline 358
> pf::config::__ANON__() called at
> /usr/share/perl5/vendor_perl/Try/Tiny.pm line 76
> eval {...} called at /usr/share/perl5/vendor_perl/Try/Tiny.pm line
> 67
> Try::Tiny::try(CODE(0x3399618), Try::Tiny::Catch=REF(0x2fa8660))
> called at /usr/local/pf/lib/pf/config.pm line 362
> require pf/config.pm called at /usr/local/pf/bin/pfcmd.pl line 81
> main::BEGIN() called at /usr/local/pf/lib/pf/config.pm line 0
> eval {...} called at /usr/local/pf/lib/pf/config.pm line 0
> Usage: pfcmd service <service> [start|stop|restart|status|watch]
>
> stop/stop/restart specified service
> status returns PID of specified PF daemon or 0 if not running
> watch acts as a service watcher which can send email/restart the services
>
> Services managed by PacketFence:
> dhcpd | dhcpd daemon
> httpd.webservices| Apache Webservices
> httpd.admin | Apache Web admin
> httpd.portal | Apache Captive Portal
> httpd.proxy | Apache Proxy Interception
> pf | all services that should be running based on your
> config
> pfdetect | PF snort alert parser
> pfdhcplistener | PF DHCP monitoring daemon
> pfdns | DNS daemon
> pfmon | PF ARP monitoring daemon
> pfsetvlan | PF VLAN isolation daemon
> radiusd | FreeRADIUS daemon
> snmptrapd | SNMP trap receiver daemon
> snort | Sourcefire Snort IDS
> suricata | Suricata IDS
>
> watch
> Watch performs services checks to make sure that everything is fine. It's
> behavior is controlled by servicewatch configuration parameters. watch is
> typically best called from cron with something like:
> */5 * * * * /usr/local/pf/bin/pfcmd service pf watch
>
>
>
> On Thu, Feb 6, 2014 at 9:36 PM, James Rouzier <[email protected]> wrote:
>
>> sampath,
>>
>> Can you run the following commands and send me the output
>>
>> /usr/sbin/service snortd status
>>
>> /usr/local/pf/bin/pfcmd service snortd status
>>
>>
>> James
>>
>> James [email protected] :: +1.514.755.3630 ::
>> http://www.inverse.ca
>>
>>
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://www.packetfence.org)
>>
>> On 2/6/2014, 12:39 AM, sampath jayashantha wrote:
>>
>> Sorry James,
>>
>> My mistake. Patching done successfully. When I start packetfence I can
>> see that snort is running with the command service snortd status.
>>
>> But packetfence status show it as
>> service|shouldBeStarted|pid
>> memcached|1|16013
>> httpd.admin|1|16023
>> httpd.webservices|1|16046
>> httpd.portal|1|16063
>> httpd.proxy|0|0
>> pfdns|1|16093
>> dhcpd|1|16096
>> pfdetect|1|16101
>> snort|1|0
>> suricata||0
>> radiusd|1|0
>> snmptrapd|1|16112
>> pfsetvlan|1|16116
>> pfdhcplistener|1|16138 16139 16140
>> pfmon|1|16165
>>
>>
>> Is it Normal ????
>>
>>
>> On Wed, Feb 5, 2014 at 4:51 PM, sampath jayashantha
>> <[email protected]>wrote:
>>
>>>
>>> Any update regarding this issue ? I'm also having the same issue with
>>> my packetfence box.
>>>
>>> service|shouldBeStarted|pid
>>> memcached|1|11287
>>> httpd.admin|1|11297
>>> httpd.webservices|1|11340
>>> httpd.portal|1|11357
>>> httpd.proxy|0|0
>>> pfdns|1|11387
>>> dhcpd|1|11390
>>> pfdetect|1|11395
>>> snort|0|0
>>> suricata|0|0
>>> radiusd|1|0
>>> snmptrapd|1|11400
>>> pfsetvlan|1|11404
>>> pfdhcplistener|1|11427 11428 11429
>>> pfmon|1|11468
>>>
>>>
>>> How to enable it ? Any clue.
>>>
>>>
>>>
>>> On Tue, Jan 28, 2014 at 8:44 PM, Carlos Alonso <[email protected]>wrote:
>>>
>>>> Thank you for your help. These are the answers to your questions
>>>>
>>>>
>>>> > Can you post your pf.conf , did you set a monitor interface ?
>>>> >
>>>> > Fabrice
>>>> Yes I did. The inline interface is also the monitor interface. This is
>>>> what I did in PF3.6 and it worked perfectly.
>>>> Is this not possible in PF4.1? I have not upgraded, it is a new
>>>> installation though.
>>>>
>>>> XXXX means hidden for security
>>>>
>>>> [general]
>>>> domain=XXXX
>>>> hostname=nac
>>>> dnsservers=XXXX
>>>> dhcpservers=192.168.18.1,192.168.19.1,192.168.20.1
>>>> locale=es_ES
>>>> timezone=Europe/Madrid
>>>> [trapping]
>>>> range=10.0.0.0/16, 192.68.0.0/16
>>>> detection=enabled
>>>> interception_proxy=enabled
>>>> [registration]
>>>> button_text=Registro
>>>> [alerting]
>>>> emailaddr=XXXX
>>>> smtpserver=XXXX
>>>> [database]
>>>> pass=XXXX
>>>> [captive_portal]
>>>> network_detection=disabled
>>>>
>>>> [interface eth0.802]
>>>> ip= XXXX
>>>> type=management
>>>> mask=255.255.255.0
>>>>
>>>> [interface eth0.818]
>>>> enforcement=inline
>>>> ip=192.168.18.1
>>>> type=internal,monitor
>>>> mask=255.255.255.0
>>>>
>>>> [interface eth0.819]
>>>> enforcement=vlan
>>>> ip=192.168.19.1
>>>> type=internal
>>>> mask=255.255.255.0
>>>>
>>>> [interface eth0.820]
>>>> enforcement=vlan
>>>> ip=192.168.20.1
>>>> type=internal
>>>> mask=255.255.255.0
>>>>
>>>>
>>>> > Can you see if Snort can start when you run it by hand?
>>>> >
>>>> > /usr/local/bin/snort -d -i eth1 -u root -g snort -c /etc/snort/snort.conf -l /var/log/snort
>>>>
>>>> If I run it by hand it works:
>>>> >/usr/sbin/snort -d -i eth0.818 -u root -g snort -c /etc/snort/snort.conf -l /var/log/snort/
>>>> ...
>>>> --== Initialization Complete ==--
>>>>
>>>> ,,_ -*> Snort! <*-
>>>> o" )~ Version 2.9.2.2 IPv6 GRE (Build 121)
>>>> '''' By Martin Roesch & The Snort Team:
>>>> http://www.snort.org/snort/snort-team
>>>> Copyright (C) 1998-2012 Sourcefire, Inc., et al.
>>>> Using libpcap version 1.3.0
>>>> Using PCRE version: 8.30 2012-02-04
>>>> Using ZLIB version: 1.2.7
>>>>
>>>> Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.15
>>>> <Build 18>
>>>> Preprocessor Object: SF_SMTP (IPV6) Version 1.1 <Build 9>
>>>> Preprocessor Object: SF_REPUTATION (IPV6) Version 1.1
>>>> <Build 1>
>>>> Preprocessor Object: SF_SSLPP (IPV6) Version 1.1 <Build 4>
>>>> Preprocessor Object: SF_IMAP (IPV6) Version 1.0 <Build 1>
>>>> Preprocessor Object: SF_DNP3 (IPV6) Version 1.1 <Build 1>
>>>> Preprocessor Object: SF_SSH (IPV6) Version 1.1 <Build 3>
>>>> Preprocessor Object: SF_DCERPC2 (IPV6) Version 1.0 <Build
>>>> 3>
>>>> Preprocessor Object: SF_SDF (IPV6) Version 1.1 <Build 1>
>>>> Preprocessor Object: SF_DNS (IPV6) Version 1.1 <Build 4>
>>>> Preprocessor Object: SF_MODBUS (IPV6) Version 1.1 <Build 1>
>>>> Preprocessor Object: SF_POP (IPV6) Version 1.0 <Build 1>
>>>> Preprocessor Object: SF_FTPTELNET (IPV6) Version 1.2
>>>> <Build 13>
>>>> Preprocessor Object: SF_GTP (IPV6) Version 1.1 <Build 1>
>>>> Preprocessor Object: SF_SIP (IPV6) Version 1.1 <Build 1>
>>>> Commencing packet processing (pid=2481)
>>>>
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> ..........................................................................................
>>>
>>> There is always some one who know more Than us out there.
>>>
>>> Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê
>>>
>>>
>>>
>>> SAM
>>>
>>
--
..........................................................................................
There is always some one who know more Than us out there.
Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê
SAM
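
The mismatch discussed in this thread (pf reports pid 0 for a service that the init script shows as running) can be checked mechanically. The following is an added example, not part of the original messages or of PacketFence: it parses the `service|shouldBeStarted|pid` table and cross-checks it against a process list. The function names and the sample data (constructed from the output quoted in this thread) are assumptions.

```sh
#!/bin/sh
# Added example (not PacketFence code). Input is the pipe-separated table
# printed by "pfcmd service <service> status":  service|shouldBeStarted|pid

pf_missing_services() {
    # Reads a status table on stdin; prints each service that should be
    # started (column 2 is 1) but has no pid recorded (column 3 is 0/empty).
    awk -F'|' '
        $1 == "service" && $2 == "shouldBeStarted" { next }  # header row
        NF < 3 { next }                                      # warnings, noise
        $2 == "1" && ($3 == "" || $3 == "0") { print $1 }
    '
}

pf_untracked() {
    # $1: file holding the status table
    # $2: file holding "ps -eo pid=,comm=" output
    # Prints services that pf reports as down but that do have a process,
    # i.e. a daemon pf is not tracking (the situation described above).
    pf_missing_services < "$1" | while read -r svc; do
        awk -v s="$svc" \
            '$2 == s { print s ": running as pid " $1 " but pf reports pid 0" }' "$2"
    done
}

sample_status() {
    # Constructed sample, based on the status output quoted in this thread.
    cat <<'EOF'
WARNING - SCAN: constructed warning line without table columns
service|shouldBeStarted|pid
memcached|1|16013
httpd.proxy|0|0
pfdetect|1|16101
snort|1|0
suricata||0
radiusd|1|0
pfdhcplistener|1|16138 16139 16140
EOF
}

# Live use on a PacketFence host (paths as shown in this thread):
#   /usr/local/pf/bin/pfcmd service pf status > /tmp/pf.status
#   ps -eo pid=,comm= > /tmp/ps.out
#   pf_untracked /tmp/pf.status /tmp/ps.out
```

A service listed by `pf_missing_services` but not by `pf_untracked` is simply down; one listed by both is running outside pf's control.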