Snort package doesn't install binary?
-
I'm pretty new to all this, but I've installed the latest development version:
2.1-DEVELOPMENT (i386) built on Sat Apr 7 21:25:07 EDT 2012 FreeBSD 8.3-RC2And I'm having some problems trying to install the Snort package. (Services: Snort 2.9.1 pkg v. 2.1.1) It installs successfully, I can configure it with my oink code, it updates, everything looks good from the GUI, but the service never starts.
Trying to start the service from ssh gives:
# /usr/local/etc/rc.d/snort.sh start rm: /var/run/snort_28873_em0.pid: No such file or directory /usr/local/etc/rc.d/snort.sh: /usr/local/bin/snort: not foundSo, it looks like it can't find the actual snort binary. I've looked myself and it doesn't seem to be there.
# find / | grep snort | grep bin /usr/local/bin/snort_rename.plInterestingly, pkg-info says:
bsdinstaller-2.0.2011.1212 BSD Installer mega-package gettext-0.18.1.1 GNU gettext package grub-0.97_4 GRand Unified Bootloader libiconv-1.13.1_1 A character set conversion libraryYet, I have the following packages installed:
cron, file manager, ntop, open-vm-tools-8.8.1, pfblocker, widescreenI've tried uninstalling it and reinstalling it several times, nothing seems out of place from the GUI, no errors given anywhere including the system log. Here's the log entries (newest to oldest) since the last install of the package:
Apr 8 12:05:12 SnortStartup[12863]: Snort HARD START For 28873_em0... Apr 8 11:45:00 SnortStartup[53809]: Snort HARD START For 28873_em0... Apr 8 10:32:11 SnortStartup[15202]: Interface Rule START for 0_28873_em0... Apr 8 10:32:11 SnortStartup[10904]: Toggle for 28873_em0... Apr 8 10:32:04 check_reload_status: Syncing firewall Apr 8 10:30:11 check_reload_status: Syncing firewall Apr 8 10:29:27 check_reload_status: Syncing firewall Apr 8 10:29:27 check_reload_status: Reloading filter Apr 8 10:29:17 check_reload_status: Syncing firewall Apr 8 10:29:16 php: /pkg_mgr_install.php: Beginning package installation for snort .Anyone know what's going on here?
-
IMHO I would not start with a Dev version. You'll not know if you are running into a transient bug or a config issue.
Make sure that you are FireFox for install and uninstall. Try re-installing the package.
-
Since packages were changed over to PBIs, a few of them have binary issues still. They'll be fixed as time permits.
-
So, in case anyone else has installed the dev version and wants snort, the way I managed to get it installed is by uninstalling everything, then installing an older, TBZ based version from the shell, then installing the current package from the web UI.
pkg_add -r http://files.pfsense.com/packages/8/All/snort-2.9.0.5_1.tbzI'm not sure if that's a good idea - it's still using the 2.9.0.5 binary - but it does in fact seem to work. I don't have a "categories" or "rules" tab in the snort configuration such as I see in documentation, but I don't know if that's normal or not.