Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    [Solved] Snort doesn't start after upgrade 3.2.9.6_1 -> 3.2.9.7_2

    IDS/IPS
    2
    4
    764
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      palomar72 last edited by palomar72

      pfSense 2.4.2-RELEASE
      After snort package upgrade I got:

      The command '/usr/local/bin/snort -R 27439 -D -q --suppress-config-log -l /var/log/snort/snort_bge127439 --pid-path /var/run --nolock-pidfil
      e -G 27439 -c /usr/local/etc/snort/snort_27439_bge1/snort.conf -i bge1' returned exit code '1', the output was 'Shared object "libdl.so.1" not found, required by "snort"'
      code
      

      Here is the ouput of the upgrade:

      >>> Upgrading pfSense-pkg-snort... 
      Updating pfSense-core repository catalogue...
      pfSense-core repository is up to date.
      Updating pfSense repository catalogue...
      pfSense repository is up to date.
      All repositories are up to date.
      The following 2 package(s) will be affected (of 0 checked):
      
      Installed packages to be UPGRADED:
      	pfSense-pkg-snort: 3.2.9.6_1 -> 3.2.9.7_2 [pfSense]
      	snort: 2.9.11.1_1 -> 2.9.11.1_2 [pfSense]
      
      Number of packages to be upgraded: 2
      
      1 MiB to be downloaded.
      [1/2] Fetching pfSense-pkg-snort-3.2.9.7_2.txz: .......... done
      [2/2] Fetching snort-2.9.11.1_2.txz: .......... done
      Checking integrity... done (0 conflicting)
      [1/2] Upgrading snort from 2.9.11.1_1 to 2.9.11.1_2...
      [1/2] Extracting snort-2.9.11.1_2: .......... done
      You may need to manually remove /usr/local/etc/snort/classification.config if it is no longer needed.
      You may need to manually remove /usr/local/etc/snort/gen-msg.map if it is no longer needed.
      You may need to manually remove /usr/local/etc/snort/preproc_rules/decoder.rules if it is no longer needed.
      You may need to manually remove /usr/local/etc/snort/preproc_rules/preprocessor.rules if it is no longer needed.
      You may need to manually remove /usr/local/etc/snort/preproc_rules/sensitive-data.rules if it is no longer needed.
      You may need to manually remove /usr/local/etc/snort/reference.config if it is no longer needed.
      You may need to manually remove /usr/local/etc/snort/snort.conf if it is no longer needed.
      You may need to manually remove /usr/local/etc/snort/threshold.conf if it is no longer needed.
      You may need to manually remove /usr/local/etc/snort/unicode.map if it is no longer needed.
      You may need to manually remove /usr/local/etc/snort/file_magic.conf if it is no longer needed.
      You may need to manually remove /usr/local/etc/snort/attribute_table.dtd if it is no longer needed.
      [2/2] Upgrading pfSense-pkg-snort from 3.2.9.6_1 to 3.2.9.7_2...
      [2/2] Extracting pfSense-pkg-snort-3.2.9.7_2: .......... done
      Removing snort components...
      Menu items... done.
      Services... done.
      Loading package instructions...
      Saving updated package information...
      overwrite!
      Loading package configuration... done.
      Configuring package components...
      Loading package instructions...
      Custom commands...
      Executing custom_php_install_command()...Saved settings detected.
      Migrating settings to new configuration... done.
      Downloading Snort Subscriber rules md5 file... done.
      Checking Snort Subscriber rules md5 file... done.
      There is a new set of Snort Subscriber rules posted.
      Downloading snortrules-snapshot-29111.tar.gz... done.
      Downloading Emerging Threats Open rules md5 file... done.
      Checking Emerging Threats Open rules md5 file... done.
      There is a new set of Emerging Threats Open rules posted.
      Downloading emerging.rules.tar.gz... done.
      Installing Snort Subscriber ruleset...Copying md5 signature to snort directory... done.
      Installing Emerging Threats Open rules...Copying md5 signature to snort directory... done.
      Updating rules configuration for: WAN ... done.
      Cleaning up temp dirs and files... done.
      The Rules update has finished.
      Generating snort.conf configuration file from saved settings.
      Generating configuration for WAN...
       done.
      Generating snort.sh script in /usr/local/etc/rc.d/... done.
      Finished rebuilding Snort configuration files.
      done.
      Executing custom_php_resync_config_command()...
      done.
      Menu items... done.
      Services... done.
      Writing configuration... done.
      Please visit Services - Snort - Interfaces tab first and select your desired rules. Afterwards visit the Updates tab to download your configured rulesets.Message from snort-2.9.11.1_2:
      
      =========================================================================
      Snort uses rcNG startup script and must be enabled via /etc/rc.conf
      Please see /usr/local/etc/rc.d/snort
      for list of available variables and their description.
      Configuration files are located in /usr/local/etc/snort directory.
      
      Please note that, by default, snort will truncate packets larger than the
      default snaplen of 15158 bytes.  Additionally, LRO may cause issues with
      Stream5 target-based reassembly.  It is recommended to disable LRO, if
      your card supports it.
      
      This can be done by appending '-lro' to your ifconfig_ line in rc.conf.
      =========================================================================
      Message from pfSense-pkg-snort-3.2.9.7_2:
      
      Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.
      >>> Cleaning up cache... done.
      Success
      
      code
      

      Any help?
      Thanks

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        You need to upgrade to pfSense 2.4.4. Do not try to load new packages on a release that out of date.

        https://redmine.pfsense.org/issues/8938

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        P 1 Reply Last reply Reply Quote 0
        • P
          palomar72 @jimp last edited by

          @jimp Thank you.
          I am going to upgrade pfSense.

          1 Reply Last reply Reply Quote 0
          • P
            palomar72 last edited by

            Solved upgrading to pfSense 2.4.4

            Thank you

            1 Reply Last reply Reply Quote 0
            • First post
              Last post