Suricata Crashed After PHP Error
-
@NollipfSense said in Suricata Crashed After Update:
@bmeeks said in Suricata Crashed After Update:
ps -ax | grep suricata
I get this when I SSH using console:
[2.5.0-DEVELOPMENT][admin@NollipfSense.nollipfsense.lan]/root: ps -ax | grep suricata
23066 0 S+ 0:00.00 grep suricata
When I used the GUI, I get this:
Suricata is only on the WAN interface and doesn't show under Service tab.
If it doesn't show under SERVICES, then it is not installed (or at least not properly). I thought you said it was installed but not starting.
I feel like we are going around and around in circles here ... ???
You have posted with an awful lot of problems over the last few months with pfSense and its packages. Running pfSense and its packages on a Mac Mini is not ideal; especially with a Thunderbolt interface to hold your network interfaces. Here is an analogy. I can probably haul a yard of loose sand in a Honda Civic, but that vehicle is certainly not optimized for that task, and I can expect some significant difficulties when doing so. In my view, the same thing applies to your hardware setup. You really should move to something more conventional to mimic the hardware pretty much everyone else is using for pfSense.
-
@bmeeks said in Suricata Crashed After Update:
@NollipfSense said in Suricata Crashed After Update:
@bmeeks said in Suricata Crashed After Update:
ps -ax | grep suricata
I get this when I SSH using console:
[2.5.0-DEVELOPMENT][admin@NollipfSense.nollipfsense.lan]/root: ps -ax | grep suricata
23066 0 S+ 0:00.00 grep suricata
When I used the GUI, I get this:
Suricata is only on the WAN interface and doesn't show under Service tab.
If it doesn't show under SERVICES, then it is not installed (or at least not properly). I thought you said it was installed but not starting.
I feel like we are going around and around in circles here ... ???
You have posted with an awful lot of problems over the last few months with pfSense and its packages. Running pfSense and its packages on a Mac Mini is not ideal; especially with a Thunderbolt interface to hold your network interfaces. Here is an analogy. I can probably haul a yard of loose sand in a Honda Civic, but that vehicle is certainly not optimized for that task, and I can expect some significant difficulties when doing so. In my view, the same thing applies to your hardware setup. You really should move to something more conventional to mimic the hardware pretty much everyone else is using for pfSense.
Had hoped you would offer some light on what appears to be three different process IDs. There are not lots of awful problems ... remember pfSense 2.5 is still under development, and issues arise along the process, especially during the installation of daily builds. Remember Mac hardware is already optimized for FreeBSD ... it's based foundation and super optimized for Apple OS.
Six months of running pfSense 2.5 with three issues: the first was after the introduction of FreeBSD 12.1 ... that was sorted with a clean install since I had upgraded from pfSense 2.4.4 to 2.5 with FreeBSD 12.0. FreeBSD 12.1 also caused traffic graph (widget) to show because of the new deployment of Netmap ... the second was the MaxMind issue again after an update and eventually had to reissue a new key to resolve ... and now the third again after an update and Suricata won't start while the package is referring again to an invalid MaxMind key when I didn't use MaxMind with the IDS/IPS package.
Prior to installing pfSense 2.5-devel, the same hardware had run pfSense 2.4.4 for almost a year without any issues. So, I cannot buy your premise. Things are not expected to run smoothly on a development software continually ... hiccups are bound to happen. It seems time for another clean install of pfSense 2.5-devel.
-
@bmeeks said in Suricata Crashed After Update:
I thought you said it was installed but not starting.
To clarify, I had Suricata installed and running up to this past Saturday, then the update for Saturday broke Suricata and I shared it here. The update for Sunday didn't fix the issue, nor did the update for today. I uninstalled Suricata and then reinstalled it again. The GUI above shows Suricata and all its resources are together in a folder, yet Suricata is not running, nor does it appear under the Service tab.
-
After more investigation, it appears that the Suricata crash was a PHP error indeed. A clean install of the latest pfSense 2.5 and a restored configuration revealed that the GeoLite2 DB update was enabled on Suricata's global settings. However, last May there was a similar PHP error that resulted in an invalid MaxMind key. That was changed when a reissued key had been applied on June 3rd. So, there should not have been an invalid key on June 27th resulting in crippling Suricata. Since the 27th, there have been issues with PHP and yesterday there had been five or six snapshots each with issues ... others have mentioned the same here: https://forum.netgate.com/topic/154898/2-5-latest-update-issue and here: https://forum.netgate.com/topic/154936/gateway-automatic-seems-to-have-quit-working-saturday-june-27-working-on-later-snap
So, I have disabled GeoLite2 on Suricata because I did not realize I had enabled it and it should not have crippled Suricata. My firewall is back to normal development testing with MaxMind enabled only on pfBlockerNG. I believe the developers might be pressured (self-induced) to have a release candidate; however, the update installer should not be posing issues at this stage. The last snapshot update late last night had issues.