PfSense2.3RC - snort installation error

cremesk

Hallo,

i have upgrade my pfSense2.2.6 maschine to pfSense2.3RC.
I think the process was successfully and fast! :D

The New Version is soo very Great! Thanks for this nice work! :D

After the upgrade all works fine, but when i reinstall snort i see this:

Executing custom_php_resync_config_command()...

PHP ERROR: Type: 1, File: /usr/local/pkg/snort/snort.inc, Line: 3867, Message: Call to undefined function XML_RPC_encode()pkg: POST-INSTALL script failed
Message from mysql56-client-5.6.27:
* * * * * * * * * * * * * * * * * * * * * * * *

FULL LOG:

pkg install pfSense-pkg-snort-3.2.9.1_7 snort-2.9.8.0
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 8 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	pfSense-pkg-snort: 3.2.9.1_7 [pfSense]
	snort: 2.9.8.0 [pfSense]
	libnet: 1.1.6_3,1 [pfSense]
	daq: 2.0.6 [pfSense]
	libdnet: 1.12_1 [pfSense]
	barnyard2: 1.13 [pfSense]
	broccoli: 1.97,1 [pfSense]
	mysql56-client: 5.6.27 [pfSense]

The process will require 54 MiB more space.

Proceed with this action? [y/N]: y
[1/8] Installing libdnet-1.12_1...
[1/8] Extracting libdnet-1.12_1: 100%
[2/8] Installing broccoli-1.97,1...
[2/8] Extracting broccoli-1.97,1: 100%
[3/8] Installing mysql56-client-5.6.27...
[3/8] Extracting mysql56-client-5.6.27: 100%
[4/8] Installing libnet-1.1.6_3,1...
[4/8] Extracting libnet-1.1.6_3,1: 100%
[5/8] Installing daq-2.0.6...
[5/8] Extracting daq-2.0.6: 100%
[6/8] Installing barnyard2-1.13...
[6/8] Extracting barnyard2-1.13: 100%
[7/8] Installing snort-2.9.8.0...
[7/8] Extracting snort-2.9.8.0: 100%
[8/8] Installing pfSense-pkg-snort-3.2.9.1_7...
[8/8] Extracting pfSense-pkg-snort-3.2.9.1_7: 100%
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Saved settings detected.
Migrating settings to new configuration... done.
Downloading Snort VRT rules md5 file... done.
Checking Snort VRT rules md5 file... done.
Snort VRT rules are current. No update required.
Downloading Snort OpenAppID detectors md5 file... done.
Checking Snort OpenAppID detectors md5 file... done.
Snort OpenAppID detectors are current. No update required.
Downloading Snort GPLv2 Community Rules md5 file... done.
Checking Snort GPLv2 Community Rules md5 file... done.
There is a new set of Snort GPLv2 Community Rules posted.
Downloading community-rules.tar.gz... 100% done.
Downloading Emerging Threats Open rules md5 file... done.
Checking Emerging Threats Open rules md5 file... done.
There is a new set of Emerging Threats Open rules posted.
Downloading emerging.rules.tar.gz... 100% done.
Installing Snort GPLv2 Community Rules... done.
Installing Emerging Threats Open rules...Copying md5 signature to snort directory... done.
Updating rules configuration for: WAN ... done.
Updating rules configuration for: WAN2 ... done.
Cleaning up temp dirs and files... done.
The Rules update has finished.
Generating snort.conf configuration file from saved settings.
Generating configuration for WAN...
 done.
Generating configuration for WAN2...
 done.
Generating snort.sh script in /usr/local/etc/rc.d/... done.
Finished rebuilding Snort configuration files.
done.
Executing custom_php_resync_config_command()...

PHP ERROR: Type: 1, File: /usr/local/pkg/snort/snort.inc, Line: 3867, Message: Call to undefined function XML_RPC_encode()pkg: POST-INSTALL script failed
Message from mysql56-client-5.6.27:
* * * * * * * * * * * * * * * * * * * * * * * *

Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:

http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html

Although this database client is not listed as
"affected", it is vulnerable and will not be 
receiving a patch. Please take note of this when
deploying this software.

* * * * * * * * * * * * * * * * * * * * * * * *
Message from barnyard2-1.13:
Read the notes in the barnyard2.conf file for how to configure
/usr/local/etc/barnyard2.conf after installation.  For addtional information
see the Securixlive FAQ at http://www.securixlive.com/barnyard2/faq.php.

In order to enable barnyard2 to start on boot, you must edit /etc/rc.conf
with the appropriate flags, etc.  See the FreeBSD Handbook for syntax:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html

For the various options available, type % barnyard2 -h after install or read
the options in the startup script - in /usr/local/etc/rc.d.

Barnyard2 can process unified2 files from snort or suricata.  It can also
interact with snortsam firewall rules as well as the sguil-sensor. Those
ports must be installed separately if you wish to use them.

************************************************************************
Message from snort-2.9.8.0:
=========================================================================
Snort uses rcNG startup script and must be enabled via /etc/rc.conf
Please see /usr/local/etc/rc.d/snort
for list of available variables and their description.
Configuration files are located in /usr/local/etc/snort directory.

Please note that, by default, snort will truncate packets larger than the
default snaplen of 15158 bytes.  Additionally, LRO may cause issues with
Stream5 target-based reassembly.  It is recommended to disable LRO, if
your card supports it.

This can be done by appending '-lro' to your ifconfig_ line in rc.conf.
=========================================================================
Message from pfSense-pkg-snort-3.2.9.1_7:
Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.

Thank you for Help!

​​Kind Regards,
Sven

cremesk

in the upgrade process to version: pfSense-pkg-snort-3.2.9.1_8 / snort-2.9.8.0 have i the same error..

bmeeks

The fix for this error is in the next package update (will be version 3.2.9.1_9 when it is posted).  It is caused by a missing include file.  Don't know if I accidentally deleted the line somewhere during the Bootstrap conversion or if it was getting included by other system files that have since changed and no longer include the xml_rpc_client.inc file.

Bill

cmb

That's been merged, should show up in a few minutes. Thanks Bill!

Abhishek

Did upgrade from stable to RC now , now i am having issue updating snort updates

security 3.2.9.1_9

Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:31	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:28	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:03	snort	96563	[120:18:1] (http_inspect) PROTOCOL-OTHER HTTP server response before client request [Classification: Unknown Traffic] [Priority: 3] {TCP} 54.169.191.22:8080 -> 192.168.2.2:51637

bmeeks

@Merchant:

Did upgrade from stable to RC now , now i am having issue updating snort updates

security 3.2.9.1_9

Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:31	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:28	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:03	snort	96563	[120:18:1] (http_inspect) PROTOCOL-OTHER HTTP server response before client request [Classification: Unknown Traffic] [Priority: 3] {TCP} 54.169.191.22:8080 -> 192.168.2.2:51637

This is a different problem.  Wait about an hour or more and try again to be sure it's not a problem on the Snort web site end.  Post back if the issue continues.

Bill

Abhishek

@bmeeks:

@Merchant:

Did upgrade from stable to RC now , now i am having issue updating snort updates

security 3.2.9.1_9

Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:17	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:02	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:47	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:32	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:31	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 13:22:30	php-fpm	43612	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:15	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:00	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:44	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:29	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:28	php-fpm	43612	/snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 13:21:27	php-fpm	43612	/snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:12	php-fpm	43612	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:03	snort	96563	[120:18:1] (http_inspect) PROTOCOL-OTHER HTTP server response before client request [Classification: Unknown Traffic] [Priority: 3] {TCP} 54.169.191.22:8080 -> 192.168.2.2:51637

This is a different problem.  Wait about an hour or more and try again to be sure it's not a problem on the Snort web site end.  Post back if the issue continues.

Bill

Apr 5 18:27:08	check_reload_status		Syncing firewall
Apr 5 18:27:08	php-fpm	17273	/snort/snort_download_updates.php: [Snort] The Rules update has finished.
Apr 5 18:27:08	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Removed 0 obsoleted rules category files.
Apr 5 18:27:08	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.
Apr 5 18:27:08	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Emerging Threats Open rules are up to date...
Apr 5 18:27:06	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Snort GPLv2 Community Rules file download failed... server returned error '0'...
Apr 5 18:27:06	php-fpm	17273	/snort/snort_download_updates.php: File 'community-rules.tar.gz' download attempts: 4 ...
Apr 5 18:26:56	pfsense.cbdata.local		nginx: 2016/04/05 18:26:56 [error] 57723#0: *11549 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.246, server: , request: "POST /snort/snort_download_updates.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "https://192.168.0.1/snort/snort_download_updates.php"
Apr 5 18:26:51	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:51	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:36	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:36	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:21	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:21	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:05	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:05	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:04	php-fpm	17273	/snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 18:26:03	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 18:26:03	php-fpm	17273	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 18:25:48	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:48	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:33	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:33	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:18	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:18	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:02	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:02	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:01	php-fpm	17273	/snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 18:25:00	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 18:25:00	php-fpm	17273	/snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 18:24:45	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:45	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:24:30	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:30	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:24:15	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:15	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:24:00	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:00	php-fpm	17273	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:23:58	php-fpm	17273	/snort/snort_download_updates.php: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2980.tar.gz...

thank you for replying ,

tried just now  , still same issue    . I will try doing tomorrow

maverick_slo

I just did it without any issue.

maverick_slo

Everything is working OK, BUT I got this:

amd64
10.3-RELEASE
FreeBSD 10.3-RELEASE #9 51f8df0(RELENG_2_3): Tue Apr  5 03:24:20 CDT 2016     root@ce23-amd64-builder:/builder/pfsense/tmp/obj/builder/pfsense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:165
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:166
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:167
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:168
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:169
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:170

cremesk

Okay my installation work fine and my Interface config run..
But, i have a enconding problem or some think else.. (see attachment)

bmeeks

@cremesk:

Okay my installation work fine and my Interface config run..
But, i have a enconding problem or some think else.. (see attachment)

Where are you located (country)?  It may well be that gettext() is not being called to translate some values.  That page should be simply outputting 10% 20% 30% … 100% showing progress.

The whole GUI for manual rules updates in Snort and Suricata needs some work since the move to Bootstrap.  The old system calls for a progress bar output no longer are available, and so I quickly cobbled something together to let the user see some progress.  I am still searching for a better solution.

Bill

bmeeks

@maverick_slo:

Everything is working OK, BUT I got this:

amd64
10.3-RELEASE
FreeBSD 10.3-RELEASE #9 51f8df0(RELENG_2_3): Tue Apr  5 03:24:20 CDT 2016     root@ce23-amd64-builder:/builder/pfsense/tmp/obj/builder/pfsense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:165
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:166
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:167
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:168
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:169
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1\. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2\. header() /usr/local/www/snort/snort_download_updates.php:170

I have the fix for this as well.  It's a sort of cosmetic PHP crash.  I used the header() function after some other output was already written to the page, so PHP is correctly complaining about that.

If you want to manually fix it while waiting for the permanent fix, do this:

Open the file /usr/local/www/snort/snort_download_updates.php in an editor.
Find this section (lines 164 through 171) in the file

	// Reload the page to update displayed values
	header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
	header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
	header( 'Cache-Control: no-store, no-cache, must-revalidate' );
	header( 'Cache-Control: post-check=0, pre-check=0', false );
	header( 'Pragma: no-cache' );
	header("Location: /snort/snort_download_updates.php");
	return;

Delete those header() lines and add the new line shown so that the new file looks like this:

	// Reload the page to update displayed values
	print '';
	return;

Be sure and copy/paste from the text above to be sure the single quotes and double quotes are correct.  Save the change.

Bill

cremesk

@bmeeks:

@cremesk:

Okay my installation work fine and my Interface config run..
But, i have a enconding problem or some think else.. (see attachment)

Where are you located (country)?  It may well be that gettext() is not being called to translate some values.  That page should be simply outputting 10% 20% 30% … 100% showing progress.

The whole GUI for manual rules updates in Snort and Suricata needs some work since the move to Bootstrap.  The old system calls for a progress bar output no longer are available, and so I quickly cobbled something together to let the user see some progress.  I am still searching for a better solution.

Bill

hi,

Timezone: ETC/UTC
Language: English

Thanks for the Problem Description!

Sven