Latest update to Snort fails in latest Snapshot relesae.
-
Not sure if this is the correct form. Also I notice the LCDProc (sp?) service needs to be manually kicked at startup. Previously it would start on it's own.
Here is when I get when I attempt to update snort.
Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-pkg-snort from 3.2.9.1_14 to 3.2.9.2_15…
[1/1] Extracting pfSense-pkg-snort-3.2.9.2_15: …....... done
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
pfSense-pkg-snort-3.2.9.1_14: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.1_14/ESF
pfSense-pkg-snort-3.2.9.1_14: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.1_14/LICENSE
pfSense-pkg-snort-3.2.9.1_14: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.1_14/catalog.mk
pkg: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.7fIjLmPa5J7e -> /var/db/snort/sidmods/disablesid-sample.conf: No such file or directory
Failed -
What version of pfSense are you running? If it is 2.3.x, then is it a NanoBSD variant? If you are running 2.4-BETA, do you have a RAM disk configured? Some new features around RAM disks for /var were added to 2.4-BETA.
If you are running 2.4-BETA, I would suggest posting this issue in the 2.4 Snapshots forum.
Bill
-
What version of pfSense are you running? If it is 2.3.x, then is it a NanoBSD variant? If you are running 2.4-BETA, do you have a RAM disk configured? Some new features around RAM disks for /var were added to 2.4-BETA.
If you are running 2.4-BETA, I would suggest posting this issue in the 2.4 Snapshots forum.
Bill
I guess I should have saw this coming…
To clarify I am using 2.3.3.a.20170115.0304. After updating to this version last night I noticed Snort was missing from my firewall. I went to service and noticed there was an update, when I push the update button I get the posted error message (above). The previous snapshot has Snort working just fine, though I hadn't gotten around to setting it up as I was looking for more info, etc.
The whole memory/NanoFreeBSD thing I find a bit odd. Bust since you want to know, I am using a Firebox XTM 5 series with a Intel 9450 QC, 4GB of RAM and a 275GB SSD. I don't thing there is a memory problem as I am only using 1% of the HD. about 14% of the RAM. :)
My firebox was setup initially using the stable version of pfSense but later because I wanted to take the easy route to getting the LCDproc app installed so I installed the Dev Snapsot.
Would be nice to get Snort working again so I can finally use it. :)
Thanks,
-
What version of pfSense are you running? If it is 2.3.x, then is it a NanoBSD variant? If you are running 2.4-BETA, do you have a RAM disk configured? Some new features around RAM disks for /var were added to 2.4-BETA.
If you are running 2.4-BETA, I would suggest posting this issue in the 2.4 Snapshots forum.
Bill
I guess I should have saw this coming…
To clarify I am using 2.3.3.a.20170115.0304. After updating to this version last night I noticed Snort was missing from my firewall. I went to service and noticed there was an update, when I push the update button I get the posted error message (above). The previous snapshot has Snort working just fine, though I hadn't gotten around to setting it up as I was looking for more info, etc.
The whole memory/NanoFreeBSD thing I find a bit odd. Bust since you want to know, I am using a Firebox XTM 5 series with a Intel 9450 QC, 4GB of RAM and a 275GB SSD. I don't thing there is a memory problem as I am only using 1% of the HD. about 14% of the RAM. :)
My firebox was setup initially using the stable version of pfSense but later because I wanted to take the easy route to getting the LCDproc app installed so I installed the Dev Snapsot.
Would be nice to get Snort working again so I can finally use it. :)
Thanks,
I have not tested Snort or Suricata specifically with the 2.3.3 snapshots. I've been concentrating on the 2.4 snapshots.
Bill
-
I have the same issue here with my pfSense running at 2.3.2-Release-p1 and same on my development pfSense:
>>> Upgrading pfSense-pkg-snort... Updating pfSense-core repository catalogue... pfSense-core repository is up-to-date. Updating pfSense repository catalogue... pfSense repository is up-to-date. All repositories are up-to-date. pfSense-kernel-pfSense-2.3.2_1 is locked and may not be modified Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-pkg-snort: 3.2.9.2_15 -> 3.2.9.2_16 [pfSense] Number of packages to be upgraded: 1 [1/1] Upgrading pfSense-pkg-snort from 3.2.9.2_15 to 3.2.9.2_16... [1/1] Extracting pfSense-pkg-snort-3.2.9.2_16: .......... done Removing snort components... Menu items... done. Services... done. Loading package instructions... pfSense-pkg-snort-3.2.9.2_15: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.2_15/ESF pfSense-pkg-snort-3.2.9.2_15: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.2_15/LICENSE pfSense-pkg-snort-3.2.9.2_15: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.2_15/catalog.mk pkg: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.ZT6o8O47PXJ7 -> /var/db/snort/sidmods/disablesid-sample.conf: No such file or directory Failed
-
Yeah, remove and reinstall the package.