Snort update failed



  • Tried to install an update for my snort package with this result:

    >>> Upgrading pfSense-pkg-snort... 
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    Checking integrity... done (0 conflicting)
    The following 1 package(s) will be affected (of 0 checked):
    
    Installed packages to be UPGRADED:
    	pfSense-pkg-snort: 3.2.9.6_1 -> 3.2.9.7_1 [pfSense]
    
    Number of packages to be upgraded: 1
    [1/1] Upgrading pfSense-pkg-snort from 3.2.9.6_1 to 3.2.9.7_1...
    [1/1] Extracting pfSense-pkg-snort-3.2.9.7_1: .......... done
    Removing snort components...
    Menu items... done.
    Services... done.
    Loading package instructions...
    pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6_1/APACHE20
    pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6_1/LICENSE
    pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6_1/catalog.mk
    pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/www/snort/snort_download_rules.php
    pkg-static: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.1ku3gHgsaxql -> /var/db/snort/sidmods/disablesid-sample.conf:No such file or directory
    Failed
    
    

    Got the same result several times. What do I need to do to install the update?



  • Realized after posting that the same thing happened last time I tried to update snort. I followed the same process I used last time to correct the issue and was able to update successfully, but now snort fails to start. I see the following error in sys log:

    	FATAL ERROR: /usr/local/etc/snort/snort_24478_mvneta1/snort.conf(170) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.
    


  • @wgstarks said in Snort update failed:

    Realized after posting that the same thing happened last time I tried to update snort. I followed the same process I used last time to correct the issue and was able to update successfully, but now snort fails to start. I see the following error in sys log:

    	FATAL ERROR: /usr/local/etc/snort/snort_24478_mvneta1/snort.conf(170) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.
    

    That file should have been put in the proper location by the installation of the package. Something is not 100% right with pkg on your firewall.



  • @bmeeks I went ahead and deleted the snort package completely (saved settings though) and then installed latest package. Everything seems to be running smoothly now, but I have to wonder why this problem is only happening with snort updates and consistently. I'll see what happens with the next update unless you have some other advice.

