Snort Stable 2.9.2.3 pkg v. 2.2 Failed
-
[2.0.1-RELEASE][admin@pfsense.lan]/root(17): pkg_add -f http://files.pfsense.org/packages/8/All/libpcap-1.1.1.tbz
Fetching http://files.pfsense.org/packages/8/All/libpcap-1.1.1.tbz… Done.
[2.0.1-RELEASE][admin@pfsense.lan]/root(18): pkg_add -f http://files.pfsense.org/packages/8/All/libpcap-1.1.1_1.tbz
Fetching http://files.pfsense.org/packages/8/All/libpcap-1.1.1_1.tbz… Done.
[2.0.1-RELEASE][admin@pfsense.lan]/root(19): /usr/local/bin/snort
/libexec/ld-elf.so.1: /usr/local/lib/libdnet.1: unsupported file layout
[2.0.1-RELEASE][admin@pfsense.lan]/root(20)::(
-
pkg_info
what libpcap shows installed?
on my boxes I only show libpcap-1.1.1_1
you could try deleting any other ones with pkg_delete
-
I have:
libpcap-1.1.1 Ubiquitous network traffic capture library libpcap-1.1.1_1 Ubiquitous network traffic capture library libpcap-1.2.1 Ubiquitous network traffic capture libraryI tried to delete libpcap-1.2.1 but daq-0.6.2 depends on it. Deleting libpcap-1.1.1 (not _1) makes no difference at all.
UPDATE: Did a pkg_delete -f libpcap-1.2.1, then reinstalled libpcap-1.1.1_1 and still same error as always:
/libexec/ld-elf.so.1: /usr/local/lib/libdnet.1: unsupported file layout -
The issue with old code that is present when you uypgrade to a new version will be there even when you reinstall since the damage from old code will be done.
Feadin,
that is why for 2.1 we are moving to PBIs to make especially this dependency issues go away once and for good.
For now you have to clean your environment from other packages you have as well and reinstall again. -
Snort Stable 2.9.2.3 pkg v. 2.2.1 (AMD64) won't start
After removing Snort Snort Stable 2.9.2.3 pkg v. 2.2 and reinstalling Snort Stable 2.9.2.3 pkg v. 2.2.1 snort won't start.
No messages in the system log, only "Jun 15 08:58:09 pfsense SnortStartup[46856]: Snort HARD START For xxxxx_em1…"Tried removing, rebooting, reinstalling, same issue.
(Only had snort widget as an added package.) -
Same for my case!
Snort Stable 2.9.2.3 pkg v. 2.2.1 (AMD64) won't start
If I try to start the snort from Services menu, I get this in System logs
- SnortStartup[43771]: Snort HARD START For 49607_em1…
From snort interface - start, I get this message,
- SnortStartup[24252]: Interface Rule START for 0_40330_em1…
- SnortStartup[59413]: Toggle for 40330_em1…
But services and snort interface shows that snort is not running.
Pfsense 2.0.1-RELEASE (amd64)
-
If you do not get anything on the system logs probably the package did not install at all!?
Is the snort binary installed? -
@ermal:
If you do not get anything on the system logs probably the package did not install at all!?
Is the snort binary installed?How do I check for that? I'm a total FreeBSD noob :)
-
I added explicit dependencies on the package instalaltion so it pulls the right packages needed.
Can you try after 10 minutes from this post and see? -
I tried installation once again. But still same problem. ???
-
Same here with fresh installation on a Virtualbox VM running
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:16:13 EST 2011FreeBSD 8.1-RELEASE-p6
Only log line generated: SnortStartup[48564]: Snort HARD START For 23366_em1…
I only did basic settings and installed + configured snort with 1 rule category selected.
-
@ermal:
Has anyone else noticed on their Snort > Blocked (tab) that the ALERT DESCRIPTION next to each IP now says "N/A" instead of displaying a full description as it has in the past?
I've confirmed under Snort > Global Settings, my Alert file description type = FULL.
Is there any way to restore this functionality so that full alert description is listed?
It should work on latest version 2.2.1
This is still not working in the latest version 2.2.1
-
pfSense 2.1-BETA0 (amd64) built on Thu Jun 14 14:23:20 EDT 2012
snort 2.9.2.3 pkg v. 2.2.1snort will not start.
System Log:
Jun 15 07:56:44 snort[49817]: FATAL ERROR: /usr/local/etc/snort/snort_39668_em0/snort.conf(324) Unknown output plugin: "alert_pf"
Jun 15 07:56:44 snort[49817]: FATAL ERROR: /usr/local/etc/snort/snort_39668_em0/snort.conf(324) Unknown output plugin: "alert_pf" -
@ermal
Snort Stable 2.9.2.3 pkg v. 2.2.1 (AMD64)
Tried running snort from shell:
/libexec/ld-elf.so.1: /usr/local/lib/libdnet.1: unsupported file layout -
Was daq-0.6.2.tbz introduced recently? Since daq depends on libpcap-1.2.1 and snort on libpcap-1.1.1_1 maybe that be the source of the problems? I don't know if libdnet uses libpcap or daq (at time of compilation or later), but if it does maybe there is the issue.
-
Been running Snort 2.9.2.3 pkg v. 2.2 (AMD64) for more than 2 full days. Everything appears to be working properly, with the exception of the dashboard widget, which I noted in an earlier post. However, it now appears that Snort is shutting down and not restarting twice-a-day. I suspect this coincides with my 12 hour update update schedule, but I can't confirm since update attempts are not logged. The shutdowns leave no log entries either.
I am able to restart Snort manually after these incidents.
Can anyone confirm this behavior on another system?
-
@ermal:
The issue with old code that is present when you upgrade to a new version will be there even when you reinstall since the damage from old code will be done.
Feadin,
that is why for 2.1 we are moving to PBIs to make especially this dependency issues go away once and for good.
For now you have to clean your environment from other packages you have as well and reinstall again.So, my question is… how does one clean the environment to stop this error:
/libexec/ld-elf.so.1: /usr/local/lib/libdnet.1: unsupported file layout(e.g. what do I uninstall and install to stop this?)
-
Been running Snort 2.9.2.3 pkg v. 2.2 (AMD64) for more than 2 full days. Everything appears to be working properly, with the exception of the dashboard widget, which I noted in an earlier post. However, it now appears that Snort is shutting down and not restarting twice-a-day. I suspect this coincides with my 12 hour update update schedule, but I can't confirm since update attempts are not logged. The shutdowns leave no log entries either.
I am able to restart Snort manually after these incidents.
Can anyone confirm this behavior on another system?
I had this problem. It appears to have been a problem with the cron job that deletes blocked ip's after a set time. I fixed it by going into the general tab and selecting never, then saved, then reselected the amount of time I wanted and clicked save again. This deleted and recreated the cron job. When this was happen there was nothing in the logs either.
-
Just an update. I installed a clean pfSense 2.0.1 on a new VM, right after that I installed the snort package and it says the usual (screenshot attached)
 -
/libexec/ld-elf.so.1: /usr/local/lib/libdnet.1: unsupported file layoutIs it possible that the 32bit version got put in the 64 repo for the latest snort package?
I could be way off base and I apologize if I'm making more noise than you need right now to fix this.
I am not much in the way of a freebsd coder.
BTW: Thank you for the attention you guys are giving this. I (the company I work for) paid for pfsense support for a couple of boxes so far and paid for 2 sensors of snort.
As soon as I can, I'll be personally buying some beer and chips for a couple of you guys via your "donate" buttons.