Latest update to Snort fails in latest Snapshot relesae.



  • Not sure if this is the correct form. Also I notice the LCDProc (sp?) service needs to be manually kicked at startup. Previously it would start on it's own.

    Here is when I get when I attempt to update snort.

    Number of packages to be upgraded: 1
    [1/1] Upgrading pfSense-pkg-snort from 3.2.9.1_14 to 3.2.9.2_15…
    [1/1] Extracting pfSense-pkg-snort-3.2.9.2_15: …....... done
    Removing snort components...
    Menu items... done.
    Services... done.
    Loading package instructions...
    pfSense-pkg-snort-3.2.9.1_14: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.1_14/ESF
    pfSense-pkg-snort-3.2.9.1_14: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.1_14/LICENSE
    pfSense-pkg-snort-3.2.9.1_14: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.1_14/catalog.mk
    pkg: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.7fIjLmPa5J7e -> /var/db/snort/sidmods/disablesid-sample.conf: No such file or directory
    Failed



  • What version of pfSense are you running?  If it is 2.3.x, then is it a NanoBSD variant?  If you are running 2.4-BETA, do you have a RAM disk configured?  Some new features around RAM disks for /var were added to 2.4-BETA.

    If you are running 2.4-BETA, I would suggest posting this issue in the 2.4 Snapshots forum.

    Bill



  • @bmeeks:

    What version of pfSense are you running?  If it is 2.3.x, then is it a NanoBSD variant?  If you are running 2.4-BETA, do you have a RAM disk configured?  Some new features around RAM disks for /var were added to 2.4-BETA.

    If you are running 2.4-BETA, I would suggest posting this issue in the 2.4 Snapshots forum.

    Bill

    I guess I should have saw this coming…

    To clarify I am using 2.3.3.a.20170115.0304. After updating to this version last night I noticed Snort was missing from my firewall. I went to service and noticed there was an update, when I push the update button I get the posted error message (above). The previous snapshot has Snort working just fine, though I hadn't gotten around to setting it up as I was looking for more info, etc.

    The whole memory/NanoFreeBSD thing I find a bit odd. Bust since you want to know, I am using a Firebox XTM 5 series with a Intel 9450 QC, 4GB of RAM and a 275GB SSD. I don't thing there is a memory problem as I am only using 1% of the HD. about 14% of the RAM. :)

    My firebox was setup initially using the stable version of pfSense but later because I wanted to take the easy route to getting the LCDproc app installed so I installed the Dev Snapsot.

    Would be nice to get Snort working again so I can finally use it. :)

    Thanks,



  • @Smoothrunnings:

    @bmeeks:

    What version of pfSense are you running?  If it is 2.3.x, then is it a NanoBSD variant?  If you are running 2.4-BETA, do you have a RAM disk configured?  Some new features around RAM disks for /var were added to 2.4-BETA.

    If you are running 2.4-BETA, I would suggest posting this issue in the 2.4 Snapshots forum.

    Bill

    I guess I should have saw this coming…

    To clarify I am using 2.3.3.a.20170115.0304. After updating to this version last night I noticed Snort was missing from my firewall. I went to service and noticed there was an update, when I push the update button I get the posted error message (above). The previous snapshot has Snort working just fine, though I hadn't gotten around to setting it up as I was looking for more info, etc.

    The whole memory/NanoFreeBSD thing I find a bit odd. Bust since you want to know, I am using a Firebox XTM 5 series with a Intel 9450 QC, 4GB of RAM and a 275GB SSD. I don't thing there is a memory problem as I am only using 1% of the HD. about 14% of the RAM. :)

    My firebox was setup initially using the stable version of pfSense but later because I wanted to take the easy route to getting the LCDproc app installed so I installed the Dev Snapsot.

    Would be nice to get Snort working again so I can finally use it. :)

    Thanks,

    I have not tested Snort or Suricata specifically with the 2.3.3 snapshots.  I've been concentrating on the 2.4 snapshots.

    Bill



  • I have the same issue here with my pfSense running at 2.3.2-Release-p1 and same on my development pfSense:

    
    >>> Upgrading pfSense-pkg-snort... 
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up-to-date.
    Updating pfSense repository catalogue...
    pfSense repository is up-to-date.
    All repositories are up-to-date.
    
    pfSense-kernel-pfSense-2.3.2_1 is locked and may not be modified
    Checking integrity... done (0 conflicting)
    The following 1 package(s) will be affected (of 0 checked):
    
    Installed packages to be UPGRADED:
    	pfSense-pkg-snort: 3.2.9.2_15 -> 3.2.9.2_16 [pfSense]
    
    Number of packages to be upgraded: 1
    [1/1] Upgrading pfSense-pkg-snort from 3.2.9.2_15 to 3.2.9.2_16...
    [1/1] Extracting pfSense-pkg-snort-3.2.9.2_16: .......... done
    Removing snort components...
    Menu items... done.
    Services... done.
    Loading package instructions...
    pfSense-pkg-snort-3.2.9.2_15: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.2_15/ESF
    pfSense-pkg-snort-3.2.9.2_15: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.2_15/LICENSE
    pfSense-pkg-snort-3.2.9.2_15: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.2_15/catalog.mk
    pkg: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.ZT6o8O47PXJ7 -> /var/db/snort/sidmods/disablesid-sample.conf: No such file or directory
    Failed
    
    

  • Banned

    Yeah, remove and reinstall the package.


Log in to reply