Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata fails install

    Scheduled Pinned Locked Moved
    pfSense Packages
    3
    7
    81
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TravisH
      last edited by

      Supinely I removed suricata, to try out snort and decided that Suricata seems better but when I go to install it I get the below error:

      Installing pfSense-pkg-suricata...
      Updating pfSense-core repository catalogue...
      Fetching meta.conf:
      Fetching packagesite.pkg:
      pfSense-core repository is up to date.
      Updating pfSense repository catalogue...
      Fetching meta.conf:
      Fetching packagesite.pkg:
      pfSense repository is up to date.
      All repositories are up to date.
      Checking integrity... done (0 conflicting)
      The following 2 package(s) will be affected (of 0 checked):

      New packages to be INSTALLED:
      pfSense-pkg-suricata: 7.0.7 [pfSense]
      suricata: 7.0.7 [pfSense]

      Number of packages to be installed: 2

      The process will require 13 MiB more space.
      [1/2] Installing suricata-7.0.7...
      [1/2] Extracting suricata-7.0.7: .........
      pkg-static: Fail to create /usr/local/etc/suricata:No such file or directory
      [1/2] Extracting suricata-7.0.7... done
      Failed

      I tried doing an rm -rf /usr/local/etc/suricata and tried installing again but still got the same error.

      Any idea what I might be doing wrong?

      Cheers,

      T S 2 Replies Last reply Reply Quote 0
      • T
        TravisH @TravisH
        last edited by

        Doing an ls on that folder gives the below:

        ls: suricata: No such file or directory
        total 1736
        drwxr-xr-x 41 root wheel 2560 Jan 7 00:40 .
        drwxr-xr-x 17 root wheel 512 Jan 7 00:31 ..
        drwxr-xr-x 2 root wheel 512 Jan 7 00:40 .pkgtemp.suricata.08AVRPG9TWd8
        drwxr-xr-x 2 root wheel 512 Jan 7 00:06 .pkgtemp.suricata.DfPhnP3ubUyZ
        drwxr-xr-x 2 root wheel 512 Jan 7 00:09 .pkgtemp.suricata.mIizbZW8LHex
        drwxr-xr-x 2 root wheel 512 Jan 7 00:03 .pkgtemp.suricata.ScU3s6QPguyZ
        drwxr-xr-x 2 root wheel 512 Jan 7 00:04 .pkgtemp.suricata.sPo4YPq2L88A
        drwxr-xr-x 2 root wheel 512 Jan 4 23:33 apcupsd
        drwxr-xr-x 3 root wheel 512 Jul 4 2024 avahi
        drwxr-xr-x 2 root wheel 1024 Jan 5 01:11 bash_completion.d
        drwxr-xr-x 3 root wheel 512 Dec 7 2023 dbus-1
        drwxr-xr-x 2 root wheel 512 Jan 5 01:11 devd
        -rw-r--r-- 1 root wheel 1029 Nov 29 2023 dhclient.conf
        -rw-r--r-- 1 root wheel 1029 Nov 29 2023 dhclient.conf.example
        -rw-r--r-- 1 root wheel 1818 Nov 29 2023 dhcp6c.conf.sample
        -rw-r--r-- 1 root wheel 2130 Nov 29 2023 dhcp6s.conf.sample
        -rw-r--r-- 1 root wheel 1429 Nov 29 2023 dhcpcd.conf
        -rw-r--r-- 1 root wheel 1429 Nov 29 2023 dhcpcd.conf.sample
        -rw-r--r-- 1 root wheel 3266 Nov 29 2023 dhcpd.conf
        -rw-r--r-- 1 root wheel 3266 Nov 29 2023 dhcpd.conf.sample
        -rw-r--r-- 1 root wheel 3360 Nov 29 2023 dhcpd6.conf
        -rw-r--r-- 1 root wheel 3360 Nov 29 2023 dhcpd6.conf.sample
        -rw-r--r-- 1 root wheel 27885 Nov 29 2023 dnsmasq.conf
        -rw-r--r-- 1 root wheel 27885 Nov 29 2023 dnsmasq.conf.sample
        drwxr-xr-x 2 root wheel 512 Jan 5 01:11 freeipmi
        -rw-r--r-- 1 root wheel 231 Dec 9 2023 gnome.subr
        -rw-r--r-- 1 root wheel 1529 Nov 29 2023 igmpproxy.conf
        -rw-r--r-- 1 root wheel 1529 Nov 29 2023 igmpproxy.conf.sample
        -rw-r--r-- 1 root wheel 608 Nov 30 2023 ipsec.conf
        -rw-r--r-- 1 root wheel 608 Nov 30 2023 ipsec.conf.sample
        drwxr-xr-x 10 root wheel 512 Dec 7 2023 ipsec.d
        -rw------- 1 root wheel 48 Nov 30 2023 ipsec.secrets
        -rw------- 1 root wheel 48 Nov 30 2023 ipsec.secrets.sample
        drwxr-xr-x 2 root wheel 512 Dec 7 2023 kea
        -rw-r--r-- 1 root wheel 8678 Nov 29 2023 ldap.conf
        -rw-r--r-- 1 root wheel 8678 Nov 29 2023 ldap.conf.sample
        drwxr-xr-x 4 root wheel 512 Jan 4 23:34 lighttpd
        drwxr-xr-x 2 root wheel 512 Dec 7 2023 man.d
        -rwxr-xr-x 1 root wheel 6885 Nov 29 2023 miniupnpd.conf.sample
        drwxr-xr-x 2 root wheel 512 Dec 7 2023 mpd5
        drwxr-xr-x 2 root wheel 512 Jan 5 01:11 newsyslog.conf.d
        drwxr-xr-x 2 root wheel 512 Dec 7 2023 nginx
        -rw-r--r-- 1 root wheel 9496 Nov 29 2023 nss_ldap.conf
        -rw-r--r-- 1 root wheel 9496 Nov 29 2023 nss_ldap.conf.sample
        drwxr-xr-x 2 root wheel 1024 Jan 5 01:11 nut
        drwxr-xr-x 2 root wheel 512 Dec 7 2023 openldap
        -rw-r--r-- 1 root wheel 45234 Nov 29 2023 opensc.conf
        -rw-r--r-- 1 root wheel 45234 Nov 29 2023 opensc.conf.sample
        -rw-r--r-- 1 root wheel 480 Nov 29 2023 pear.conf
        -rw-r--r-- 1 root wheel 480 Nov 29 2023 pear.conf.sample
        drwxr-xr-x 5 root wheel 512 Dec 7 2023 periodic
        drwxr-xr-x 3 root wheel 512 Jan 7 00:40 pfSense
        drwxr-xr-x 3 root wheel 512 Jan 7 00:40 pfSense-old
        drwxr-xr-x 2 root wheel 2560 Dec 7 2023 php
        -rw-r--r-- 1 root wheel 5335 Nov 29 2023 php-fpm.conf
        -rw-r--r-- 1 root wheel 5335 Nov 29 2023 php-fpm.conf.default
        drwxr-xr-x 2 root wheel 512 Dec 7 2023 php-fpm.d
        -rw-r--r-- 1 root wheel 124 Nov 29 2023 php.conf
        -rw-r--r-- 1 root wheel 1094 Jan 6 23:30 php.ini
        -rw-r--r-- 1 root wheel 73725 Nov 29 2023 php.ini-development
        -rw-r--r-- 1 root wheel 73871 Nov 29 2023 php.ini-production
        drwxr-xr-x 3 root wheel 512 Dec 7 2023 pkg
        -rw-r--r-- 1 root wheel 46 Jan 7 00:40 pkg.conf
        -rw-r--r-- 1 root wheel 2392 Nov 29 2023 pkg.conf.sample
        drwxr-xr-x 2 root wheel 1536 Jan 5 01:11 powerman
        -rw-r--r-- 1 root wheel 3381 Nov 29 2023 radvd.conf
        -rw-r--r-- 1 root wheel 3381 Nov 29 2023 radvd.conf.sample
        drwxr-xr-x 2 root wheel 512 Jan 6 20:23 rc.conf.d
        drwxr-xr-x 2 root wheel 1536 Jan 7 00:40 rc.d
        drwxr-xr-x 2 root wheel 512 Jan 4 23:34 rsync
        -rw-r----- 1 cyrus mail 16384 Dec 7 2023 sasldb2.db
        drwxr-xr-x 2 root wheel 512 Dec 7 2023 scponly
        drwxr-xr-x 2 root wheel 512 Dec 7 2023 smartd_warning.d
        -r-xr-xr-x 1 root wheel 6653 Nov 29 2023 smartd_warning.sh
        -rw-r--r-- 1 root wheel 6057 Nov 29 2023 smartd.conf.sample
        -rw-r--r-- 1 root wheel 158 Jan 6 23:31 sshguard.conf
        -rw-r--r-- 1 root wheel 2586 Nov 29 2023 sshguard.conf.sample
        -rw-r--r-- 1 root wheel 16 Jan 6 23:31 sshguard.whitelist
        drwxr-xr-x 3 root wheel 512 Nov 28 23:13 ssl
        -rw-r--r-- 1 root wheel 281 Nov 30 2023 strongswan.conf
        -rw-r--r-- 1 root wheel 281 Nov 30 2023 strongswan.conf.sample
        drwxr-xr-x 3 root wheel 512 Dec 7 2023 strongswan.d
        drwxr-xr-x 16 root wheel 512 Dec 7 2023 swanctl
        drwxr-xr-x 2 root wheel 512 Jan 5 01:11 syslog.d
        -rw-r--r-- 1 root wheel 3749 Jan 4 22:50 telegraf.ca
        -rw-r--r-- 1 root wheel 632 Jan 4 22:50 telegraf.conf
        drwxr-xr-x 2 unbound wheel 512 Dec 7 2023 unbound
        -rw-r--r-- 1 root wheel 587 Jan 4 22:50 vnstat.conf
        drwx------ 2 root wheel 512 Dec 29 14:13 wireguard
        -rw-r--r-- 1 root wheel 84181 Nov 29 2023 wpa_supplicant.conf
        -rw-r--r-- 1 root wheel 84181 Nov 29 2023 wpa_supplicant.conf.sample
        drwxr-xr-x 3 root wheel 512 Dec 7 2023 xdg

        bmeeksB 1 Reply Last reply Reply Quote 0
        • S
          SteveITS Rebel Alliance @TravisH
          last edited by

          @TravisH Just to ask is your disk full?

          What version of pfSense do you have?

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          T 1 Reply Last reply Reply Quote 0
          • T
            TravisH @SteveITS
            last edited by

            @SteveITS I have heaps of free space, using about 2%.

            I have been able to install and uninstall other packages, it seems limited to suricata as the specific issue.

            Running lates version 2.7.2-release (it says up to date).

            Cheers,

            1 Reply Last reply Reply Quote 0
            • bmeeksB
              bmeeks @TravisH
              last edited by bmeeks

              @TravisH said in Suricata fails install:

              drwxr-xr-x 2 root wheel 512 Jan 7 00:40 .pkgtemp.suricata.08AVRPG9TWd8
              drwxr-xr-x 2 root wheel 512 Jan 7 00:06 .pkgtemp.suricata.DfPhnP3ubUyZ
              drwxr-xr-x 2 root wheel 512 Jan 7 00:09 .pkgtemp.suricata.mIizbZW8LHex
              drwxr-xr-x 2 root wheel 512 Jan 7 00:03 .pkgtemp.suricata.ScU3s6QPguyZ
              drwxr-xr-x 2 root wheel 512 Jan 7 00:04 .pkgtemp.suricata.sPo4YPq2L88A

              If these are valid directory entries in your screenshot, then they indicate multiple "stuck" package install processes for Suricata. They will all be competing with each other for access to the disk structure. At this point I would reboot the firewall and try again.

              Nothing has changed in the Suricata installation process recently.

              T 1 Reply Last reply Reply Quote 0
              • T
                TravisH @bmeeks
                last edited by

                @bmeeks Thanks for the suggestions, I had rebooted the firewall multiple times, deleted those temp directories and tried again with no luck. Maybe its just something weird with my system (i had done filesystem checks as well but that made no difference).

                Starting to wonder if maybe I should just export the config, do a fresh install and re-import the config and try again (although i am lothed to take that approach if I can avoid it).

                bmeeksB 1 Reply Last reply Reply Quote 0
                • bmeeksB
                  bmeeks @TravisH
                  last edited by bmeeks

                  @TravisH said in Suricata fails install:

                  @bmeeks Thanks for the suggestions, I had rebooted the firewall multiple times, deleted those temp directories and tried again with no luck. Maybe its just something weird with my system (i had done filesystem checks as well but that made no difference).

                  Starting to wonder if maybe I should just export the config, do a fresh install and re-import the config and try again (although i am lothed to take that approach if I can avoid it).

                  All I can say is that if there were actual problems with the Suricata package installation process, I would expect to see dozens of posts here all with the same issue. In the past that has been the case when there were actual problems in the Suricata package code. That is not the case now, so that would point to it being something unique to your setup.

                  Those error messages are coming from the pkg utilty itself and not the Suricata package. pkg is the utility that installs all packages on pfSense (and FreeBSD). That utility is encountering some kind of issue on your system.

                  You could try an installation from the command line. That might print some helpful error message ???

                  Try this either at a shell prompt on the firewall on directly on the firewall's console. Do NOT use a shell session from the GUI, though.

                  pkg install pfSense-pkg-suricata

                  See what that does. If any error messages scroll past, post them back here.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.