Snort update failed
-
Tried to install an update for my snort package with this result-
>>> Upgrading pfSense-pkg-snort... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-pkg-snort: 3.2.9.6_1 -> 3.2.9.7_1 [pfSense] Number of packages to be upgraded: 1 [1/1] Upgrading pfSense-pkg-snort from 3.2.9.6_1 to 3.2.9.7_1... [1/1] Extracting pfSense-pkg-snort-3.2.9.7_1: .......... done Removing snort components... Menu items... done. Services... done. Loading package instructions... pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6_1/APACHE20 pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6_1/LICENSE pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6_1/catalog.mk pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/www/snort/snort_download_rules.php pkg-static: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.1ku3gHgsaxql -> /var/db/snort/sidmods/disablesid-sample.conf:No such file or directory Failed
Got the same result several times. What do I need to do to install the update?
-
Realized after posting that the same thing happened last time I tried to update snort. I followed the same process I used last time to correct the issue and was able to update successfully, but now snort fails to start. I see the following error in sys log-
FATAL ERROR: /usr/local/etc/snort/snort_24478_mvneta1/snort.conf(170) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.
-
@wgstarks said in Snort update failed:
Realized after posting that the same thing happened last time I tried to update snort. I followed the same process I used last time to correct the issue and was able to update successfully, but now snort fails to start. I see the following error in sys log-
FATAL ERROR: /usr/local/etc/snort/snort_24478_mvneta1/snort.conf(170) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.
That file should have been put in the proper location by the installation of the package. Something is not 100% right with pkg on your firewall.
-
@bmeeks I went ahead and deleted the snort package completely (saved settings though) and then installed latest package. Everything seems to be running smoothly now, but I have to wonder why this problem is only happening with snort updates and consistently. I'll see what happens with the next update unless you have some other advice.