Problem With Snort and Barnyard2 Not Staying Enabled on pfSense
I recently added the Snort package to my pfSense 2.2-RELEASE firewall and setup a remote MySQL database to log the results using barnyard2. I started by setting up a a Snort interface for the WAN, added the categories that I wanted Snort to use, and setup barnyard2 to the database, user and host to log to. The Snort interface came up just fine, however when I added another Snort interface to monitor my LAN I began experiencing problems with either snort or barnyard2 not staying enabled and the results of snort not being sent to the remote MySQL server.
After looking around in the Snort interface configuration under the Interface Barnyard2 tab, I found an option called Disable Signature Reference Table that I needed to make sure was checked on each of the multiple Snort interfaces created.