Suricata package install hangs after PfSense reinstall
-
Take a look in the system log and see if there are any messages in there that might point to what's wrong. Post back with your findings.
Bill
-
Thanks for taking a look, Bill. Nothing helpful in the system logs. Here is everything from starting the reinstall to hang:
Jul 3 01:16:31 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Updating rules configuration for: WAN …
Jul 3 01:16:29 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] The Rules update has finished.
Jul 3 01:16:29 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Snort VRT rules are up to date…
Jul 3 01:16:29 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Emerging Threats Open rules are up to date…
Jul 3 01:16:28 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Downloading and updating configured rule types…
Jul 3 01:16:28 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Configuration version is current…
Jul 3 01:16:28 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Checking configuration settings version…
Jul 3 01:16:28 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Saved settings detected… rebuilding installation with saved settings...
Jul 3 01:16:26 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] GeoIP database update finished.
Jul 3 01:16:23 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Updating the GeoIP country database files…
Jul 3 01:16:23 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Installing free GeoIP country database files…
Jul 3 01:16:06 php-fpm[88756]: /pkg_mgr_install.php: Beginning package installation for suricata .
-
I just had to reinstall PfSense 2.2.3 due to some disk issues. …. Any ideas as to what may be causing this hang?
Maybe the disk issues? Did you actually replace the faulty drive?
-
Yeah, sorry. I guess I thought that was implied. I did replace the disk and tested that there are no more issues.
-
Perhaps try
mount -o nosync /
-
When you reinstalled, is all the hardware exactly the same save the disk drive? Did your interfaces perhaps change (as in different NIC or what was LAN interface is now WAN and vice-versa)? Suricata and Snort are both vulnerable to problems if the interface physical name is changed. This is because that name is part of the internal UUID both packages use to keep track of interfaces.
The message in the logs indicates the Suricata GUI code is reading your WAN interface configuration from config.xml and trying to generate the YAML configuration file.
Bill
-
Perhaps try
mount -o nosync /
That did the trick. Thanks so much!
Hmmmm… Could you post what HW are we talking about here? (The forced sync is going away in 2.2.4 anyway, but I find it hard to believe what range of issues this causes.)
-
Sure thing. It's a bare metal install on an HP Proliant DL380 G5 2x 3.0GHz Xeon CPUs with 48GB RAM. The drives are WD 500 GB SATA 2.5" WD5000LPLX in a RAID 1 on the Smart Array P400 card.
-
Hmmm, WTF… There's something badly rotten with UFS.