• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

PfSense2.3RC - snort installation error

2.3-RC Snapshot Feedback and Issues - ARCHIVED
5
13
7.4k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    cremesk
    last edited by Apr 2, 2016, 8:47 AM

    Hallo,

    i have upgrade my pfSense2.2.6 maschine to pfSense2.3RC.
    I think the process was successfully and fast! :D

    The New Version is soo very Great! Thanks for this nice work! :D

    After the upgrade all works fine, but when i reinstall snort i see this:

    
Executing custom_php_resync_config_command()...

PHP ERROR: Type: 1, File: /usr/local/pkg/snort/snort.inc, Line: 3867, Message: Call to undefined function XML_RPC_encode()pkg: POST-INSTALL script failed
Message from mysql56-client-5.6.27:
* * * * * * * * * * * * * * * * * * * * * * * *

    FULL LOG:

    
pkg install pfSense-pkg-snort-3.2.9.1_7 snort-2.9.8.0
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 8 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	pfSense-pkg-snort: 3.2.9.1_7 [pfSense]
	snort: 2.9.8.0 [pfSense]
	libnet: 1.1.6_3,1 [pfSense]
	daq: 2.0.6 [pfSense]
	libdnet: 1.12_1 [pfSense]
	barnyard2: 1.13 [pfSense]
	broccoli: 1.97,1 [pfSense]
	mysql56-client: 5.6.27 [pfSense]

The process will require 54 MiB more space.

Proceed with this action? [y/N]: y
[1/8] Installing libdnet-1.12_1...
[1/8] Extracting libdnet-1.12_1: 100%
[2/8] Installing broccoli-1.97,1...
[2/8] Extracting broccoli-1.97,1: 100%
[3/8] Installing mysql56-client-5.6.27...
[3/8] Extracting mysql56-client-5.6.27: 100%
[4/8] Installing libnet-1.1.6_3,1...
[4/8] Extracting libnet-1.1.6_3,1: 100%
[5/8] Installing daq-2.0.6...
[5/8] Extracting daq-2.0.6: 100%
[6/8] Installing barnyard2-1.13...
[6/8] Extracting barnyard2-1.13: 100%
[7/8] Installing snort-2.9.8.0...
[7/8] Extracting snort-2.9.8.0: 100%
[8/8] Installing pfSense-pkg-snort-3.2.9.1_7...
[8/8] Extracting pfSense-pkg-snort-3.2.9.1_7: 100%
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Saved settings detected.
Migrating settings to new configuration... done.
Downloading Snort VRT rules md5 file... done.
Checking Snort VRT rules md5 file... done.
Snort VRT rules are current. No update required.
Downloading Snort OpenAppID detectors md5 file... done.
Checking Snort OpenAppID detectors md5 file... done.
Snort OpenAppID detectors are current. No update required.
Downloading Snort GPLv2 Community Rules md5 file... done.
Checking Snort GPLv2 Community Rules md5 file... done.
There is a new set of Snort GPLv2 Community Rules posted.
Downloading community-rules.tar.gz... 100% done.
Downloading Emerging Threats Open rules md5 file... done.
Checking Emerging Threats Open rules md5 file... done.
There is a new set of Emerging Threats Open rules posted.
Downloading emerging.rules.tar.gz... 100% done.
Installing Snort GPLv2 Community Rules... done.
Installing Emerging Threats Open rules...Copying md5 signature to snort directory... done.
Updating rules configuration for: WAN ... done.
Updating rules configuration for: WAN2 ... done.
Cleaning up temp dirs and files... done.
The Rules update has finished.
Generating snort.conf configuration file from saved settings.
Generating configuration for WAN...
 done.
Generating configuration for WAN2...
 done.
Generating snort.sh script in /usr/local/etc/rc.d/... done.
Finished rebuilding Snort configuration files.
done.
Executing custom_php_resync_config_command()...

PHP ERROR: Type: 1, File: /usr/local/pkg/snort/snort.inc, Line: 3867, Message: Call to undefined function XML_RPC_encode()pkg: POST-INSTALL script failed
Message from mysql56-client-5.6.27:
* * * * * * * * * * * * * * * * * * * * * * * *

Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:

http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html

Although this database client is not listed as
"affected", it is vulnerable and will not be 
receiving a patch. Please take note of this when
deploying this software.

* * * * * * * * * * * * * * * * * * * * * * * *
Message from barnyard2-1.13:
Read the notes in the barnyard2.conf file for how to configure
/usr/local/etc/barnyard2.conf after installation.  For addtional information
see the Securixlive FAQ at http://www.securixlive.com/barnyard2/faq.php.

In order to enable barnyard2 to start on boot, you must edit /etc/rc.conf
with the appropriate flags, etc.  See the FreeBSD Handbook for syntax:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html

For the various options available, type % barnyard2 -h after install or read
the options in the startup script - in /usr/local/etc/rc.d.

Barnyard2 can process unified2 files from snort or suricata.  It can also
interact with snortsam firewall rules as well as the sguil-sensor. Those
ports must be installed separately if you wish to use them.

************************************************************************
Message from snort-2.9.8.0:
=========================================================================
Snort uses rcNG startup script and must be enabled via /etc/rc.conf
Please see /usr/local/etc/rc.d/snort
for list of available variables and their description.
Configuration files are located in /usr/local/etc/snort directory.

Please note that, by default, snort will truncate packets larger than the
default snaplen of 15158 bytes.  Additionally, LRO may cause issues with
Stream5 target-based reassembly.  It is recommended to disable LRO, if
your card supports it.

This can be done by appending '-lro' to your ifconfig_ line in rc.conf.
=========================================================================
Message from pfSense-pkg-snort-3.2.9.1_7:
Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.

    Thank you for Help!

    ​​Kind Regards,
    Sven

    1 Reply Last reply Reply Quote 0
    • C
      cremesk
      last edited by Apr 4, 2016, 1:15 PM

      in the upgrade process to version: pfSense-pkg-snort-3.2.9.1_8 / snort-2.9.8.0 have i the same error..

      1 Reply Last reply Reply Quote 0
      • B
        bmeeks
        last edited by Apr 5, 2016, 1:15 AM

        The fix for this error is in the next package update (will be version 3.2.9.1_9 when it is posted).  It is caused by a missing include file.  Don't know if I accidentally deleted the line somewhere during the Bootstrap conversion or if it was getting included by other system files that have since changed and no longer include the xml_rpc_client.inc file.

        Bill

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by Apr 5, 2016, 5:02 AM

          That's been merged, should show up in a few minutes. Thanks Bill!

          1 Reply Last reply Reply Quote 0
          • A
            Abhishek
            last edited by Apr 5, 2016, 7:56 AM

            Did upgrade from stable to RC now , now i am having issue updating snort updates

            security 3.2.9.1_9

            
Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:31	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:28	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:03	snort	96563	[120:18:1] (http_inspect) PROTOCOL-OTHER HTTP server response before client request [Classification: Unknown Traffic] [Priority: 3] {TCP} 54.169.191.22:8080 -> 192.168.2.2:51637

            2.3-RC (amd64)
            built on Mon Apr 04 17:09:32 CDT 2016
            FreeBSD 10.3-RELEASE
            Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

            darkstat 3.1.2_1
            Lightsquid 3.0.3_1
            mailreport 3.0_1
            pfBlockerNG 2.0.9_1  
            RRD_Summary 1.3.1_2
            snort 3.2.9.1_9  
            squid 0.4.16_1  
            squidGuard 1.14_1
            syslog-ng 1.1.2_2

            1 Reply Last reply Reply Quote 0
            • B
              bmeeks
              last edited by Apr 5, 2016, 12:03 PM

              @Merchant:

              Did upgrade from stable to RC now , now i am having issue updating snort updates

              security 3.2.9.1_9

              
Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:31	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:28	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:03	snort	96563	[120:18:1] (http_inspect) PROTOCOL-OTHER HTTP server response before client request [Classification: Unknown Traffic] [Priority: 3] {TCP} 54.169.191.22:8080 -> 192.168.2.2:51637

              This is a different problem.  Wait about an hour or more and try again to be sure it's not a problem on the Snort web site end.  Post back if the issue continues.

              Bill

              1 Reply Last reply Reply Quote 0
              • A
                Abhishek
                last edited by Apr 5, 2016, 12:57 PM Apr 5, 2016, 12:53 PM

                @bmeeks:

                @Merchant:

                Did upgrade from stable to RC now , now i am having issue updating snort updates

                security 3.2.9.1_9

                
Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:31	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:28	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:03	snort	96563	[120:18:1] (http_inspect) PROTOCOL-OTHER HTTP server response before client request [Classification: Unknown Traffic] [Priority: 3] {TCP} 54.169.191.22:8080 -> 192.168.2.2:51637

                This is a different problem.  Wait about an hour or more and try again to be sure it's not a problem on the Snort web site end.  Post back if the issue continues.

                Bill

                
Apr 5 18:27:08	check_reload_status		Syncing firewall
Apr 5 18:27:08	php-fpm	17273	/snort/snort_download_updates.php: [Snort] The Rules update has finished.
Apr 5 18:27:08	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Removed 0 obsoleted rules category files.
Apr 5 18:27:08	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.
Apr 5 18:27:08	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Emerging Threats Open rules are up to date...
Apr 5 18:27:06	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Snort GPLv2 Community Rules file download failed... server returned error '0'...
Apr 5 18:27:06	php-fpm	17273	/snort/snort_download_updates.php: File 'community-rules.tar.gz' download attempts: 4 ...
Apr 5 18:26:56	pfsense.cbdata.local		nginx: 2016/04/05 18:26:56 [error] 57723#0: *11549 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.246, server: , request: "POST /snort/snort_download_updates.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "https://192.168.0.1/snort/snort_download_updates.php"
Apr 5 18:26:51	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:51	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:36	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:36	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:21	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:21	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:05	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:05	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:04	php-fpm	17273	/snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 18:26:03	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 18:26:03	php-fpm	17273	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 18:25:48	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:48	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:33	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:33	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:18	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:18	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:02	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:02	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:01	php-fpm	17273	/snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 18:25:00	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 18:25:00	php-fpm	17273	/snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 18:24:45	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:45	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:24:30	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:30	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:24:15	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:15	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:24:00	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:00	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:23:58	php-fpm	17273	/snort/snort_download_updates.php: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2980.tar.gz...

                thank you for replying ,

                tried just now  , still same issue    . I will try doing tomorrow

                2.3-RC (amd64)
                built on Mon Apr 04 17:09:32 CDT 2016
                FreeBSD 10.3-RELEASE
                Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

                darkstat 3.1.2_1
                Lightsquid 3.0.3_1
                mailreport 3.0_1
                pfBlockerNG 2.0.9_1  
                RRD_Summary 1.3.1_2
                snort 3.2.9.1_9  
                squid 0.4.16_1  
                squidGuard 1.14_1
                syslog-ng 1.1.2_2

                1 Reply Last reply Reply Quote 0
                • M
                  maverick_slo
                  last edited by Apr 5, 2016, 1:22 PM

                  I just did it without any issue.

                  1 Reply Last reply Reply Quote 0
                  • M
                    maverick_slo
                    last edited by Apr 5, 2016, 1:29 PM

                    Everything is working OK, BUT I got this:

                    amd64
10.3-RELEASE
FreeBSD 10.3-RELEASE #9 51f8df0(RELENG_2_3): Tue Apr  5 03:24:20 CDT 2016     root@ce23-amd64-builder:/builder/pfsense/tmp/obj/builder/pfsense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:165
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:166
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:167
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:168
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:169
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:170
                    1 Reply Last reply Reply Quote 0
                    • C
                      cremesk
                      last edited by Apr 5, 2016, 9:23 PM

                      Okay my installation work fine and my Interface config run..
                      But, i have a enconding problem or some think else.. (see attachment)

                      snort_install_encoding.png
                      snort_install_encoding.png_thumb

                      1 Reply Last reply Reply Quote 0
                      • B
                        bmeeks
                        last edited by Apr 5, 2016, 11:00 PM

                        @cremesk:

                        Okay my installation work fine and my Interface config run..
                        But, i have a enconding problem or some think else.. (see attachment)

                        Where are you located (country)?  It may well be that gettext() is not being called to translate some values.  That page should be simply outputting 10% 20% 30% … 100% showing progress.

                        The whole GUI for manual rules updates in Snort and Suricata needs some work since the move to Bootstrap.  The old system calls for a progress bar output no longer are available, and so I quickly cobbled something together to let the user see some progress.  I am still searching for a better solution.

                        Bill

                        1 Reply Last reply Reply Quote 0
                        • B
                          bmeeks
                          last edited by Apr 5, 2016, 11:09 PM

                          @maverick_slo:

                          Everything is working OK, BUT I got this:

                          amd64
10.3-RELEASE
FreeBSD 10.3-RELEASE #9 51f8df0(RELENG_2_3): Tue Apr  5 03:24:20 CDT 2016     root@ce23-amd64-builder:/builder/pfsense/tmp/obj/builder/pfsense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:165
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:166
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:167
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:168
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:169
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:170

                          I have the fix for this as well.  It's a sort of cosmetic PHP crash.  I used the header() function after some other output was already written to the page, so PHP is correctly complaining about that.

                          If you want to manually fix it while waiting for the permanent fix, do this:

                          Open the file /usr/local/www/snort/snort_download_updates.php in an editor.
                          Find this section (lines 164 through 171) in the file

                          
	// Reload the page to update displayed values
	header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
	header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
	header( 'Cache-Control: no-store, no-cache, must-revalidate' );
	header( 'Cache-Control: post-check=0, pre-check=0', false );
	header( 'Pragma: no-cache' );
	header("Location: /snort/snort_download_updates.php");
	return;

                          Delete those header() lines and add the new line shown so that the new file looks like this:

                          
	// Reload the page to update displayed values
	print '';
	return;

                          Be sure and copy/paste from the text above to be sure the single quotes and double quotes are correct.  Save the change.

                          Bill

                          1 Reply Last reply Reply Quote 0
                          • C
                            cremesk
                            last edited by Apr 6, 2016, 8:05 AM

                            @bmeeks:

                            @cremesk:

                            Okay my installation work fine and my Interface config run..
                            But, i have a enconding problem or some think else.. (see attachment)

                            Where are you located (country)?  It may well be that gettext() is not being called to translate some values.  That page should be simply outputting 10% 20% 30% … 100% showing progress.

                            The whole GUI for manual rules updates in Snort and Suricata needs some work since the move to Bootstrap.  The old system calls for a progress bar output no longer are available, and so I quickly cobbled something together to let the user see some progress.  I am still searching for a better solution.

                            Bill

                            hi,

                            Timezone: ETC/UTC
                            Language: English

                            Thanks for the Problem Description!

                            Sven

                            1 Reply Last reply Reply Quote 0
                            3 out of 13
                            • First post
                              3/13
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.