could not update suricata



  • hi,

    i cannot update suricata. The full log below.
    I'm on 2.4.4-RELEASE-p3 (amd64)

    any help?

    Upgrading pfSense-pkg-suricata...
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    Checking integrity... done (0 conflicting)
    The following 1 package(s) will be affected (of 0 checked):

    Installed packages to be UPGRADED:
    pfSense-pkg-suricata: 4.1.5 -> 4.1.5_2 [pfSense]

    Number of packages to be upgraded: 1
    [1/1] Upgrading pfSense-pkg-suricata from 4.1.5 to 4.1.5_2...
    [1/1] Extracting pfSense-pkg-suricata-4.1.5_2: .......... done
    Removing suricata components...
    Menu items... done.
    Services... done.
    Loading package instructions...
    pfSense-pkg-suricata-4.1.5: missing file /usr/local/share/licenses/pfSense-pkg-suricata-4.1.5/APACHE20
    pfSense-pkg-suricata-4.1.5: missing file /usr/local/share/licenses/pfSense-pkg-suricata-4.1.5/LICENSE
    pfSense-pkg-suricata-4.1.5: missing file /usr/local/share/licenses/pfSense-pkg-suricata-4.1.5/catalog.mk
    pkg-static: Fail to rename /var/db/suricata/sidmods/.disablesid-sample.conf.IiWyAJmdX0K3 -> /var/db/suricata/sidmods/disablesid-sample.conf:No such file or directory
    Failed



  • That type of error indicates something went wrong in the pkg utility as it downloaded, extracted and attempted to copy the Suricata package's files into their destinations.

    Try installing the package again. Also make sure, if you are using RAM disks, that you have plenty of available space. Check the pfSense system log for any pertinent messages.

    I've installed Suricata multiple times in virtual machines during my development testing and I have never seen that error - not once in several dozens of Suricata installs.



  • @bmeeks this is a vm and always have updated suricata several times without a problem.
    It could be that is a memory issue because in this perio i keep seeing the ram going 90% utilisation...



  • @albgen said in could not update suricata:

    @bmeeks this is a vm and always have updated suricata several times without a problem.
    It could be that is a memory issue because in this perio i keep seeing the ram going 90% utilisation...

    Something is going wrong within the environment. The error messages you posted are coming from pkg, which is the utility used by FreeBSD and pfSense to install other software. The Suricata package itself is not even close to installed at the point you are getting those messages. It is still being unpacked and copied around.

    My bet is either out of disk or out of RAM disk if you have that option enabled. Could be memory. Look in the system log for any indication of a low memory or low disk space condition.



  • @bmeeks what about how to check which process is using ram the most? Should i check with standard freebsd command line or any specific way from pfsense itself?



  • @albgen said in could not update suricata:

    @bmeeks what about how to check which process is using ram the most? Should i check with standard freebsd command line or any specific way from pfsense itself?

    While installing a package in the GUI you would need to use a CLI method via a direct console session or an SSH session. If you change "screens" in the GUI and access a different menu option while a package install is happening it can blow up the PHP session that was installing the package.


Log in to reply