Snort 2.9.6.2 pkg v3.1.2 Update – Release Notes
-
Hi,
Since this update, I am facing an error :
php: /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 24394 -D -q -l /var/log/snort/snort_em024394 –pid-path /var/run --nolock-pidfile -G 24394 -c /usr/pbi/snort-i386/etc/snort/snort_24394_em0/snort.conf -i em0' returned exit code '1', the output was ''
snort[43498]: FATAL ERROR: Failed to load /usr/pbi/snort-i386/lib/snort/dynamicrules/file-executable.so: /usr/pbi/snort-i386/lib/snort/dynamicrules/file-executable.so: Shared object has no run-time symbol tableFollowing a post I have tried to de-install / re-install the package… But the error is persistent.
I would like to avoid killing my configuration since It is quite elaborated and complex.
Do you have any idea how to correct this bug without having to delete all created rule set and configuration ?
-
Save settings on deinstall in global settings and then deinstall/reinstall package.
Then it should work
-
Save settings on deinstall in global settings and then deinstall/reinstall package.
Then it should work
It has already been done… and It does not work.
-
Have you rebooted between installations?
-
Have you rebooted between installations?
No - no reboot…
It is a firewall that's in production and rebooting is something I only do upon upgrade.Isn't there any way to avoid this reboot ?
The libraries are linked to the kernel ?
-
Do you run CARP?
If you do then reboot is easy peasy :)
-
no - no CARP !
:'(
-
no - no CARP !
:'(
What installation type is this? Is it a full install on a conventional hard disk, or is it a NanoBSD install on a CF card?
Bill
-
What installation type is this? Is it a full install on a conventional hard disk, or is it a NanoBSD install on a CF card?
It is a nanobsd install.
-
What installation type is this? Is it a full install on a conventional hard disk, or is it a NanoBSD install on a CF card?
It is a nanobsd install.
Try increasing the /tmp partition to 80 MB or even 100 MB. Another user had a similar issue with rule updates and found out his /tmp partition was running out of space. Once the partition is enlarged, try the remove and reinstall step again.
Snort and Suricata really don't play well with NanoBSD because both packages need a lot of disk space and RAM.
Bill
-
Try increasing the /tmp partition to 80 MB or even 100 MB. Another user had a similar issue with rule updates and found out his /tmp partition was running out of space. Once the partition is enlarged, try the remove and reinstall step again.
Snort and Suricata really don't play well with NanoBSD because both packages need a lot of disk space and RAM.
Ok - I will wait a bis since we are planning to upgrade our pfSense to a newer appliance in the coming weeks.
It'll be based on SSD disks… I guess problem should disappear…Thanks very much for your help.
-
Try increasing the /tmp partition to 80 MB or even 100 MB. Another user had a similar issue with rule updates and found out his /tmp partition was running out of space. Once the partition is enlarged, try the remove and reinstall step again.
Snort and Suricata really don't play well with NanoBSD because both packages need a lot of disk space and RAM.
Ok - I will wait a bis since we are planning to upgrade our pfSense to a newer appliance in the coming weeks.
It'll be based on SSD disks… I guess problem should disappear…Thanks very much for your help.
You will be much more satisfied with Snort when you get the SSD setup.
Bill
-
As an update… thanks for the replies guys. I finished the HA cluster upgrade from 2.0.3 to 2.1.5 this morning (everything went perfectly). I definitely didn't want to customize the installation by trying to get snort to work on 2.0.3.