[RESOLVED] Installing package on PC Engines ALIX.2 v0.99h CF 4G

jimp

@Mike:

PfSense nano works fine with 2.0 (March 22nd version) on alix, and at least one package (sipproxy) works.  I have been using it in a non-critical production environment (home office) for the last 2 weeks with non problem whatsover, EXCEPT for upgrading the NanoBSD 2.0 version to a later one, which I havent succeeded in doing yet and cannot find an error log to help me .

That's a known issue but if you want to start another thread for that, feel free (but I think there are already a couple threads)

JeanNo

Hi,

is returning the same error that may have a post everywhere:

Blinkled works sometime and one day finish doesn't works. Is simple of Package…

Warning: fopen(/usr/local/pkg/blinkled.inc): failed to open stream: Read-only file system in /etc/inc/pfsense-utils.inc on line 1551 Warning: chmod(): No such file or directory in /etc/inc/pkg-utils.inc on line 637 Warning: fopen(/usr/local/bin/blinkled): failed to open stream: Read-only file system in /etc/inc/pfsense-utils.inc on line 1551 Warning: chmod(): No such file or directory in /etc/inc/pkg-utils.inc on line 637 Warning: require_once(/usr/local/pkg/blinkled.inc): failed to open stream: No such file or directory in /etc/inc/pkg-utils.inc on line 654 Fatal error: require_once(): Failed opening required '/usr/local/pkg/blinkled.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /etc/inc/pkg-utils.inc on line 654

For Snort the same and for many package are the same.

Before some update, i can install Snort, Blicked and more. But some as changed.

What in devellopement ??

I'm Works to

PC Engines ALIX.2 v0.99h CF 4G
Pfsense
2.0-BETA1
built on Tue Mar 2 10:47:54 EST 2010

FreeBSD 8.0-STABLE

Regards

Jean-Noël

jimp

1)  March 2 is an old snapshot. Try a new one.

2. Those errors look like the package is not really installed. This shouldn't just happen out of the blue, did you do something before this happened?

3. Updating NanoBSD firmware on 2.0 currently has some problems. Save your config, reflash, restore, then try again. Do not try to use the firmware upload function.

JeanNo

Hi,

The last release as better (17 Avril 4gb). The package works.

We will test more.

THX for your help

regards

Jean-Noël

JeanNo

Hello,

Dashboard Widget: Snort not works.

Warning: Invalid argument supplied for foreach() in /usr/local/www/widgets/widgets/snort_alerts.widget.php on line 38

Regards

JNL

jimp

That probably just means you have no snort alerts. (or they moved since the last time the widget was updated). Apparently the widget code doesn't check for that condition very well.

I'd be very careful trying to run snort on an ALIX, too, it doesn't have very much RAM or CPU power to spare.

JeanNo

Hello evrybody

I have some alert like Portscan and the winget doesn't works.

I see on the Snort Site than this program works on the PC engine and is only for Home Use.

But i have a question you or any body.

Wicth the best configuration for the snort on Alix.
And if some body as answer i have one question more.

I can't select than more of 2 rules… The interface can't start...

My States

System Information
Version 2.0-BETA1
built on Sat Apr 17 19:13:58 EDT 2010

FreeBSD 8.0-STABLE

Platform nanobsd
NanoBSD Boot Slice pfsense0 / ad0s1a
CPU Type Geode(TM) Integrated Processor by AMD PCS

Uptime  1 day

Current date/time Wed Apr 21 7:34:09 CEST 2010

Last config change Tue Apr 20 7:51:50 CEST 2010

State table size  467/23000

MBUF Usage 260 /780 
CPU usage      10%
Memory usage      52%
Disk usage      15%

THX for answers

Regards

Jean-Noël

jimp

If you aren't seeing alerts, you may be running snort on the wrong interface. Some things like portscan would only show if you run on WAN and have the proper rules enabled to detect that (and also if the traffic was even allowed; if the traffic is blocked already by firewall rules, snort won't see it, since it's a non-issue)

As for what to run, just pick a small number of rulesets (1-3 maybe) to start with and see what your RAM usage is. You can keep adding rules until your RAM usage gets uncomfortably high but that's really up to you. As long as the box pushed through data fast enough for your network, it should still be OK.

If you want general guidance on snort more than I posted, you should start a new thread with a title that is specific to running snort on ALIX.

JeanNo

Hi,

I can't put more than 3 rules, after the service go down.

My merory doen't exced 40% and cpu 10%

I thing some wrong but where ?

Regards

Jean-Noël

jimp

I'm not sure what the issue might be there. Is that any 3 rules, or are you trying the same ones repeatedly?

It may be an issue with one particular ruleset.

JeanNo

Hi,

• I start the snort with empty rules (ok)
• I check 3 rules (ok)
  The service and interface are OK (up)
• I check one more rules (in total 4 rules checked).
• The interface and services go Down.

I can't only check 3 rules after the snort doesn't works.

My memory and CPU is not to busy (about 10-20% for the cpu and 30-40% of memory used)

I thing i do something false or the snort can works correctly to Alix.

But on the Snort site the minimum Hardware for works Snort is an Alix..

Regards

Jean-Noël

jimp

Do you see any errors in the system log when it fails to load?

JeanNo

Hi,

i make different setup and i can put many rulles.

the service is up.

Do you known if exist notification when the service go down via email

thx for your help

regards

jnl

jimp

2.0 has e-mail notifications but as far as I know, there are no packages that support sending notifications in this way.