Snort update failed



  • Tried to install an update for my snort package with this result-

    >>> Upgrading pfSense-pkg-snort... 
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    Checking integrity... done (0 conflicting)
    The following 1 package(s) will be affected (of 0 checked):
    
    Installed packages to be UPGRADED:
    	pfSense-pkg-snort: 3.2.9.6_1 -> 3.2.9.7_1 [pfSense]
    
    Number of packages to be upgraded: 1
    [1/1] Upgrading pfSense-pkg-snort from 3.2.9.6_1 to 3.2.9.7_1...
    [1/1] Extracting pfSense-pkg-snort-3.2.9.7_1: .......... done
    Removing snort components...
    Menu items... done.
    Services... done.
    Loading package instructions...
    pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6_1/APACHE20
    pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6_1/LICENSE
    pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6_1/catalog.mk
    pfSense-pkg-snort-3.2.9.6_1: missing file /usr/local/www/snort/snort_download_rules.php
    pkg-static: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.1ku3gHgsaxql -> /var/db/snort/sidmods/disablesid-sample.conf:No such file or directory
    Failed
    
    

    Got the same result several times. What do I need to do to install the update?



  • Realized after posting that the same thing happened last time I tried to update snort. I followed the same process I used last time to correct the issue and was able to update successfully, but now snort fails to start. I see the following error in sys log-

    	FATAL ERROR: /usr/local/etc/snort/snort_24478_mvneta1/snort.conf(170) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.
    


  • @wgstarks said in Snort update failed:

    Realized after posting that the same thing happened last time I tried to update snort. I followed the same process I used last time to correct the issue and was able to update successfully, but now snort fails to start. I see the following error in sys log-

    	FATAL ERROR: /usr/local/etc/snort/snort_24478_mvneta1/snort.conf(170) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.
    

    That file should have been put in the proper location by the installation of the package. Something is not 100% right with pkg on your firewall.



  • @bmeeks I went ahead and deleted the snort package completely (saved settings though) and then installed latest package. Everything seems to be running smoothly now, but I have to wonder why this problem is only happening with snort updates and consistently. I'll see what happens with the next update unless you have some other advice.