Suricata 5.0.2 not starting on 2.4.5
-
I see the same problem: Shared object "libluajit-5.1.so.2" not found, required by "suricata"
-
I see now that I should not have updated Suricata before updating to 2.4.5, it's stated pretty clearly in the docs. Somehow I thought that you should upgrade all packages before upgrading pfSense.
Anyway, uninstalling Suricata and reinstalling it did not solve the problem.
-
I did not update suricata before upgrading to 2.4.5.
Did an uninstall/install but problem persists.
-
Are you running on a Netgate appliance? If so, which model?
Your local pkg repository database may be confused due to the way in which you upgraded packages first. Not sure how to tell you to get out of that quandary. You could try removing Suricata again, then open a shell prompt on the firewall and execute this command:
pkg update -f
When that finishes, go back to the GUI and try installing Suricata again.
-
I'm running on a PC Engines APU2
Thanks for the help, removed it, ran the pkg update -f command, and reinstalled it using the GUI. However the issue persists. Here's the install log:
>>> Installing pfSense-pkg-suricata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
The following 17 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
    pfSense-pkg-suricata: 5.0.2 [pfSense]
    suricata: 5.0.2_1 [pfSense]
    libyaml: 0.2.2 [pfSense]
    nss: 3.51 [pfSense]
    nspr: 4.25 [pfSense]
    cyrus-sasl: 2.1.27 [pfSense]
    libpcap: 1.9.1_1 [pfSense]
    libnet: 1.1.6_5,1 [pfSense]
    py37-yaml: 5.2 [pfSense]
    jansson: 2.12 [pfSense]
    hyperscan: 4.7.0_3 [pfSense]
    hiredis: 0.13.3 [pfSense]
    barnyard2: 1.13_5 [pfSense]
    broccoli: 1.101,1 [pfSense]
    python27: 2.7.17_1 [pfSense]
    mysql57-client: 5.7.29 [pfSense]
    protobuf: 3.9.2,1 [pfSense]
Number of packages to be installed: 17
The process will require 180 MiB more space.
23 MiB to be downloaded.
[1/17] Fetching pfSense-pkg-suricata-5.0.2.txz: .......... done
[2/17] Fetching suricata-5.0.2_1.txz: .......... done
[3/17] Fetching libyaml-0.2.2.txz: ......... done
[4/17] Fetching nss-3.51.txz: .......... done
[5/17] Fetching nspr-4.25.txz: .......... done
[6/17] Fetching cyrus-sasl-2.1.27.txz: .......... done
[7/17] Fetching libpcap-1.9.1_1.txz: .......... done
[8/17] Fetching libnet-1.1.6_5,1.txz: .......... done
[9/17] Fetching py37-yaml-5.2.txz: .......... done
[10/17] Fetching jansson-2.12.txz: ...... done
[11/17] Fetching hyperscan-4.7.0_3.txz: .......... done
[12/17] Fetching hiredis-0.13.3.txz: .......... done
[13/17] Fetching barnyard2-1.13_5.txz: .......... done
[14/17] Fetching broccoli-1.101,1.txz: .......... done
[15/17] Fetching python27-2.7.17_1.txz: .......... done
[16/17] Fetching mysql57-client-5.7.29.txz: .......... done
[17/17] Fetching protobuf-3.9.2,1.txz: .......... done
Checking integrity... done (0 conflicting)
[1/17] Installing nspr-4.25...
[1/17] Extracting nspr-4.25: .......... done
[2/17] Installing cyrus-sasl-2.1.27...
*** Updated user `cyrus'.
[2/17] Extracting cyrus-sasl-2.1.27: .......... done
[3/17] Installing python27-2.7.17_1...
[3/17] Extracting python27-2.7.17_1: .......... done
[4/17] Installing protobuf-3.9.2,1...
[4/17] Extracting protobuf-3.9.2,1: .......... done
[5/17] Installing libyaml-0.2.2...
[5/17] Extracting libyaml-0.2.2: ......... done
[6/17] Installing nss-3.51...
[6/17] Extracting nss-3.51: .......... done
[7/17] Installing libpcap-1.9.1_1...
[7/17] Extracting libpcap-1.9.1_1: .......... done
[8/17] Installing libnet-1.1.6_5,1...
[8/17] Extracting libnet-1.1.6_5,1: .......... done
[9/17] Installing py37-yaml-5.2...
[9/17] Extracting py37-yaml-5.2: .......... done
[10/17] Installing jansson-2.12...
[10/17] Extracting jansson-2.12: .......... done
[11/17] Installing hyperscan-4.7.0_3...
[11/17] Extracting hyperscan-4.7.0_3: .......... done
[12/17] Installing hiredis-0.13.3...
[12/17] Extracting hiredis-0.13.3: .......... done
[13/17] Installing broccoli-1.101,1...
[13/17] Extracting broccoli-1.101,1: .......... done
[14/17] Installing mysql57-client-5.7.29...
[14/17] Extracting mysql57-client-5.7.29: .......... done
[15/17] Installing suricata-5.0.2_1...
[15/17] Extracting suricata-5.0.2_1: .......... done
[16/17] Installing barnyard2-1.13_5...
[16/17] Extracting barnyard2-1.13_5: ...... done
[17/17] Installing pfSense-pkg-suricata-5.0.2...
[17/17] Extracting pfSense-pkg-suricata-5.0.2: .......... done
....Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Saved settings detected...
Migrating settings to new configuration... done.
Downloading Emerging Threats Open rules md5 file...Emerging Threats Open rules md5 error ... Server returned error code 404
Emerging Threats Open rules will not be updated.
Downloading Snort VRT rules md5 file... done.
There is a new set of Snort rules posted. Downloading... done.
Installing Snort rules... done.
Updating rules configuration for: WAN ... done.
Updating rules configuration for: WHOME ... done.
Updating rules configuration for: ELK ... done.
Cleaning up after rules extraction... done.
The Rules update has finished.
Generating suricata.yaml configuration file from saved settings.
Generating YAML configuration file for WAN... done.
Generating YAML configuration file for WHOME... done.
Generating YAML configuration file for ELK... done.
Finished rebuilding Suricata configuration from saved settings.
Setting package version in configuration file.
done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.
=====
Message from cyrus-sasl-2.1.27:
--
You can use sasldb2 for authentication, to add users use:
    saslpasswd2 -c username
If you want to enable SMTP AUTH with the system Sendmail, read Sendmail.README
NOTE: This port has been compiled with a default pwcheck_method of auxprop. If you want to authenticate your user by /etc/passwd, PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and set sasl_pwcheck_method to saslauthd after installing the Cyrus-IMAPd 2.X port. You should also check the /usr/local/lib/sasl2/*.conf files for the correct pwcheck_method.
If you want to use GSSAPI mechanism, install ports/security/cyrus-sasl2-gssapi.
If you want to use SRP mechanism, install ports/security/cyrus-sasl2-srp.
If you want to use LDAP auxprop plugin, install ports/security/cyrus-sasl2-ldapdb.
=====
Message from python27-2.7.17_1:
--
Note that some standard Python modules are provided as separate ports as they require additional dependencies. They are available as:
    bsddb databases/py-bsddb
    gdbm databases/py-gdbm
    sqlite3 databases/py-sqlite3
    tkinter x11-toolkits/py-tkinter
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
EOLed upstream.
It is scheduled to be removed on or after 2020-12-31.
=====
Message from mysql57-client-5.7.29:
--
This is the mysql CLIENT without the server. for complete server and client, please install databases/mysql57-server
=====
Message from suricata-5.0.2_1:
--
If you want to run Suricata in IDS mode, add to /etc/rc.conf:
    suricata_enable="YES"
    suricata_interface="<if>"
NOTE: Declaring suricata_interface is MANDATORY for Suricata in IDS Mode.
However, if you want to run Suricata in Inline IPS Mode in divert(4) mode, add to /etc/rc.conf:
    suricata_enable="YES"
    suricata_divertport="8000"
NOTE: Suricata won't start in IDS mode without an interface configured. Therefore if you omit suricata_interface from rc.conf, FreeBSD's rc.d/suricata will automatically try to start Suricata in IPS Mode (on divert port 8000, by default).
Alternatively, if you want to run Suricata in Inline IPS Mode in high-speed netmap(4) mode, add to /etc/rc.conf:
    suricata_enable="YES"
    suricata_netmap="YES"
NOTE: Suricata requires additional interface settings in the configuration file to run in netmap(4) mode.
RULES: Suricata IDS/IPS Engine comes without rules by default. You should add rules by yourself and set an updating strategy. To do so, please visit:
    http://www.openinfosecfoundation.org/documentation/rules.html
    http://www.openinfosecfoundation.org/documentation/emerging-threats.html
You may want to try BPF in zerocopy mode to test performance improvements:
    sysctl -w net.bpf.zerocopy_enable=1
Don't forget to add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf
=====
Message from barnyard2-1.13_5:
--
Read the notes in the barnyard2.conf file for how to configure /usr/local/etc/barnyard2.conf after installation. For addtional information see the Securixlive FAQ at http://www.securixlive.com/barnyard2/faq.php.
In order to enable barnyard2 to start on boot, you must edit /etc/rc.conf with the appropriate flags, etc. See the FreeBSD Handbook for syntax:
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html
For the various options available, type % barnyard2 -h after install or read the options in the startup script - in /usr/local/etc/rc.d.
Barnyard2 can process unified2 files from snort or suricata. It can also interact with snortsam firewall rules as well as the sguil-sensor. Those ports must be installed separately if you wish to use them.
>>> Cleaning up cache... done.
Success
-
I honestly don't know what could be going on at this point. For another user reporting a different issue this morning, I installed Suricata fresh on a 2.4.5 virtual machine and everything worked fine. And I know it is working for the vast majority of other pfSense users out there.
On pfSense, that particular library requirement is supposed to be satisfied by luajit-openresty. I don't see that package being downloaded and installed in your log.
-
Just for grins, try this command:
pkg install luajit-openresty-2.1.20190912_2
And then see if Suricata will start.
-
I executed a forced pkg reinstall as explained here: https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html#forced-pkg-reinstall .
That seemed to have fixed it. It indeed installed the required package:
[120/199] Fetching luajit-openresty-2.1.20190912_2.txz: 100% 418 KiB 428.4kB/s 00:01
I did not attempt your suggestion to install the luajit package first since I already started the forced reinstall of all packages.
Thanks for the tips!
-
Great! pkg was probably confused and thought it had installed it when it actually had not. That's one of the weird things that can happen when the OS version and package version repos are out of sync. Forcing pkg to reinstall everything resets the board, so to speak.
-
pkg install -f luajit-openresty-2.1.20190912_2
Forced re-install of the package solved the issue. Apparently the package was registered as installed while in reality it wasn't.
[1/1] Reinstalling luajit-openresty-2.1.20190912_2...
[1/1] Extracting luajit-openresty-2.1.20190912_2: 100%
[2.4.5-RELEASE][root@firewall-2.dotOne.nl]/root: suricata -V
This is Suricata version 5.0.2 RELEASE
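
An added example, not part of the thread: two small checks for the condition described above, where a binary needs a shared object that pkg has registered as installed but that is not on disk. The function names and the sample ldd output are constructed for illustration; on the firewall the inputs would come from ldd and pkg info -l.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read ldd output on stdin and print each shared object marked "not found".
# On the firewall: ldd "$(command -v suricata)" | missing_libs
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Read a package file list on stdin and print every path absent from disk.
# On the firewall: pkg info -l luajit-openresty | missing_files
# The optional argument is a root prefix, so the check can run on a staging tree.
missing_files() {
    prefix="${1:-}"
    while IFS= read -r path; do
        # Strip the indentation pkg puts in front of each listed file.
        path=$(printf '%s' "$path" | sed 's/^[[:space:]]*//')
        case "$path" in
            /*) ;;              # an absolute file path: check it
            *)  continue ;;     # header line ("name-version:") or blank line
        esac
        [ -e "${prefix}${path}" ] || printf '%s\n' "$path"
    done
}

# Constructed sample: ldd output shaped like the failure reported in the thread.
# The binary path and load addresses are assumptions.
sample_ldd() {
    cat <<'EOF'
/usr/local/bin/suricata:
	libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x800a00000)
	libluajit-5.1.so.2 => not found (0)
	libc.so.7 => /lib/libc.so.7 (0x801200000)
EOF
}

sample_ldd | missing_libs   # prints libluajit-5.1.so.2
```

Any path printed by missing_files for a package that pkg reports as installed indicates the registered-but-absent state that the forced reinstall corrected.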