Snort package doesn't install binary?
-
I'm pretty new to all this, but I've installed the latest development version:
2.1-DEVELOPMENT (i386) built on Sat Apr 7 21:25:07 EDT 2012 FreeBSD 8.3-RC2
And I'm having some problems trying to install the Snort package. (Services: Snort 2.9.1 pkg v. 2.1.1) It installs successfully, I can configure it with my oink code, it updates, everything looks good from the GUI, but the service never starts.
Trying to start the service from ssh gives:
# /usr/local/etc/rc.d/snort.sh start
rm: /var/run/snort_28873_em0.pid: No such file or directory
/usr/local/etc/rc.d/snort.sh: /usr/local/bin/snort: not found
So, it looks like it can't find the actual snort binary. I've looked myself and it doesn't seem to be there.
# find / | grep snort | grep bin
/usr/local/bin/snort_rename.pl
Interestingly, pkg-info says:
bsdinstaller-2.0.2011.1212 BSD Installer mega-package
gettext-0.18.1.1 GNU gettext package
grub-0.97_4 GRand Unified Bootloader
libiconv-1.13.1_1 A character set conversion library
Yet, I have the following packages installed:
cron, file manager, ntop, open-vm-tools-8.8.1, pfblocker, widescreen
I've tried uninstalling it and reinstalling it several times, nothing seems out of place from the GUI, no errors given anywhere including the system log. Here are the log entries (newest to oldest) since the last install of the package:
Apr 8 12:05:12 SnortStartup[12863]: Snort HARD START For 28873_em0...
Apr 8 11:45:00 SnortStartup[53809]: Snort HARD START For 28873_em0...
Apr 8 10:32:11 SnortStartup[15202]: Interface Rule START for 0_28873_em0...
Apr 8 10:32:11 SnortStartup[10904]: Toggle for 28873_em0...
Apr 8 10:32:04 check_reload_status: Syncing firewall
Apr 8 10:30:11 check_reload_status: Syncing firewall
Apr 8 10:29:27 check_reload_status: Syncing firewall
Apr 8 10:29:27 check_reload_status: Reloading filter
Apr 8 10:29:17 check_reload_status: Syncing firewall
Apr 8 10:29:16 php: /pkg_mgr_install.php: Beginning package installation for snort .
Anyone know what's going on here?
-
IMHO I would not start with a Dev version. You'll not know if you are running into a transient bug or a config issue.
Make sure that you are using Firefox for install and uninstall. Try re-installing the package.
-
Since packages were changed over to PBIs, a few of them have binary issues still. They'll be fixed as time permits.
-
So, in case anyone else has installed the dev version and wants snort, the way I managed to get it installed is by uninstalling everything, then installing an older, TBZ-based version from the shell, then installing the current package from the web UI.
pkg_add -r http://files.pfsense.com/packages/8/All/snort-2.9.0.5_1.tbz
I'm not sure if that's a good idea - it's still using the 2.9.0.5 binary - but it does in fact seem to work. I don't have a "categories" or "rules" tab in the snort configuration such as I see in documentation, but I don't know if that's normal or not.