Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort previously installed... and its gone

    Scheduled Pinned Locked Moved General pfSense Questions
    13 Posts 4 Posters 541 Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      chumunga
      last edited by chumunga

      I had Snort previously installed, then after setting a side (still powered) for a few days snort is now gone. So, I went to reinstall and now I don't have space, which i believe i do. See below, or is it one of the 100% partitions i need to be concerned about?

      >>> Installing pfSense-pkg-snort... 
      Updating pfSense-core repository catalogue...
      pfSense-core repository is up to date.
      Updating pfSense repository catalogue...
      pfSense repository is up to date.
      All repositories are up to date.
      Checking integrity... done (0 conflicting)
      The following 5 package(s) will be affected (of 0 checked):
      
      Installed packages to be REMOVED:
      	pfSense: 2.4.5_1
      	php72-intl: 7.2.29
      New packages to be INSTALLED:
      	daq: 2.2.2_2 [pfSense]
      	pfSense-pkg-snort: 4.1.2_2 [pfSense]
      	snort: 2.9.16.1 [pfSense]
      
      Number of packages to be removed: 2
      Number of packages to be installed: 3
      
      The process will require 8 MiB more space.
      pkg-static: Cannot delete vital package: pfSense!
      pkg-static: If you are sure you want to remove pfSense, 
      pkg-static: unset the 'vital' flag with: pkg set -v 0 pfSense
      Failed
      
      
      df -h
      Filesystem                     Size    Used   Avail Capacity  Mounted on
      /dev/ufsid/5fb34aefd038f2b8    213G    3.1G    193G     2%    /
      devfs                          1.0K    1.0K      0B   100%    /dev
      fdescfs                        1.0K    1.0K      0B   100%    /dev/fd
      procfs                         4.0K    4.0K      0B   100%    /proc
      /dev/md0                       3.4M    108K    3.0M     3%    /var/run
      devfs                          1.0K    1.0K      0B   100%    /var/dhcpd/dev
      
      1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan
        last edited by

        Hi,

        Use the words 'snort' and 'log' and search (here, on this forum) ;)
        Or : did you take care of the log files ?
        Did you look into /var/log/...... and found recent, huge files ;)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • stephenw10S Offline
          stephenw10 Netgate Administrator
          last edited by

          This is nothing to do with drive space, those values all look normal, you have 193GB free space on /.

          The issue is that it's trying to remove the pfSense meta package and failling.

          Do you have 2.4.5p1 installed? Is the package repo set to current release?

          This looks like it might be trying to pull in pkgs from the wrong source. Or maybe it upgraded ti 2.4.5p1 and never rebooted?

          Steve

          1 Reply Last reply Reply Quote 1
          • GertjanG Offline
            Gertjan
            last edited by

            I stand corrected.

            I see now

            1f0a79b1-29de-4495-9688-8487100e66f3-image.png

            as it should be.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • C Offline
              chumunga
              last edited by chumunga

              Thank you all for your input, moral support is valuable during these troubling times. So I did do some Bing'ing and the other one.... Oogle or something ;)

              And came across this command to clean up packages.

              echo y| pkg clean
              The following package files will be deleted:
                      /var/cache/pkg/snort-2.9.16.1.txz
                      /var/cache/pkg/pfSense-pkg-snort-4.1.2_2~6dd9ca24ec.txz
                      /var/cache/pkg/snort-2.9.16.1~9c4fa132a6.txz
                      /var/cache/pkg/pfSense-pkg-snort-4.1.2_2.txz
                      /var/cache/pkg/libdnet-1.13_3~ed771e37af.txz
                      /var/cache/pkg/libdnet-1.13_3.txz
                      /var/cache/pkg/daq-2.2.2_2~2bf1550793.txz
                      /var/cache/pkg/daq-2.2.2_2.txz
                      /var/cache/pkg/pfSense-pkg-squid-0.4.44_35~2812f333a1.txz
                      /var/cache/pkg/squidclamav-7.1~89d3b4efae.txz
                      /var/cache/pkg/pfSense-pkg-squid-0.4.44_35.txz
                      /var/cache/pkg/brotli-1.0.7_2,1.txz
                      /var/cache/pkg/squidclamav-7.1.txz
                      /var/cache/pkg/c-icap-0.5.6,2~6c88f57f1b.txz
                      /var/cache/pkg/c-icap-0.5.6,2.txz
                      /var/cache/pkg/brotli-1.0.7_2,1~ac45e2590a.txz
                      /var/cache/pkg/squid_radius_auth-1.10~46eaa95f5d.txz
                      /var/cache/pkg/squid-4.10~a1c432e53a.txz
                      /var/cache/pkg/squid_radius_auth-1.10.txz
                      /var/cache/pkg/squid-4.10.txz
                      /var/cache/pkg/krb5-1.17.1~2a507aa0e1.txz
                      /var/cache/pkg/krb5-1.17.1.txz
                      /var/cache/pkg/c-icap-modules-0.5.4~159429b314.txz
                      /var/cache/pkg/clamav-0.102.2,1~69112014ad.txz
                      /var/cache/pkg/c-icap-modules-0.5.4.txz
                      /var/cache/pkg/pcre2-10.33~8bd5f96620.txz
                      /var/cache/pkg/clamav-0.102.2,1.txz
                      /var/cache/pkg/arj-3.10.22_8.txz
                      /var/cache/pkg/pcre2-10.33.txz
                      /var/cache/pkg/unzoo-4.4_2~5b229e580b.txz
                      /var/cache/pkg/unzoo-4.4_2.txz
                      /var/cache/pkg/libmspack-0.10.1~7657633fce.txz
                      /var/cache/pkg/arc-5.21p~822e141684.txz
                      /var/cache/pkg/libmspack-0.10.1.txz
                      /var/cache/pkg/arj-3.10.22_8~66049a8aa2.txz
                      /var/cache/pkg/arc-5.21p.txz
              The cleanup will free 8 MiB
              
              Deleting files: 100%g the cache? [y/N]: Deleting files:   0%
              All done
              

              I even tried to search for anything in the /var directory for snort and followed with a find / -name snort -delete.

              ls -lhR /var | grep snort
              find / -name snort -delete 
              

              Even after freeing 15KB's still not enough, but i believe what i actually cleaned out was pkages downloaded that didn't get installed.

              Now I should mention as this may be important, I installed a github package that installs Unifi Controller. But after i installed the unifi package (snort had already been previously installed) i tried to reinstall Snort and failed, so i tried Suricata, which actually installed like a breeze and I am running IDS/IPS : Here is that Ubiquiti Unifi Controller i used, i can say its working but not sure if its related or not : https://github.com/gozoinks/unifi-pfsense

              2064848b-1036-4b73-9c7f-361ee00fe815-image.png

              One last mention I had also previously installed Squid which doesn't show up, which you can see from the clean command, but I don't want to overload this thread. KISS :)

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                Yes, that broke your install. It messes with the pkg repo and now it's trying to uninstall pfSense because that doesn't exist there.
                This has nothing to do with drive space.

                I would highly recommend backing up the config and reinstalling at this point. It's impossible to know what may or may not have been installed or uninstalled at this point.

                Steve

                Q 1 Reply Last reply Reply Quote 0
                • Q Offline
                  Quasiguru
                  last edited by

                  I can tell you from being one of the people actively working on this repo, nothing in this script would break your package repo. Do me a favor, check your /usr/local/etc/pkg/repos/pfSense.conf file. Some people have made prior suggestions that FreeBSD: { enabled: yes } should be set to yes. If it is, change it to no. After you do that, then go ahead and restart your PFSense box. That should in fact fix your issues, anytime this gets flipped to yes, it tends to ignore the PFSense repos, which causes issues when installing PFSense packages.

                  09542876-ba87-4bd2-9ed7-f8c9caf62aa2-image.png

                  1 Reply Last reply Reply Quote 0
                  • Q Offline
                    Quasiguru @stephenw10
                    last edited by Quasiguru

                    @stephenw10 said in Snort previously installed... and its gone:

                    Yes, that broke your install. It messes with the pkg repo and now it's trying to uninstall pfSense because that doesn't exist there.
                    This has nothing to do with drive space.

                    I would highly recommend backing up the config and reinstalling at this point. It's impossible to know what may or may not have been installed or uninstalled at this point.

                    Steve

                    I do agree with Stephen here...
                    It is probably best at this point because you ran that command to "clean up your packages" that you reinstall PFSense. You deleted quite a bit, and it is hard to tell what all you broke. Next time use my latest pull request, to install the controller, this will prevent you from having to set other things like enabling the FreeBSD package repo...

                    https://github.com/gozoinks/unifi-pfsense/pull/215

                    1 Reply Last reply Reply Quote 0
                    • C Offline
                      chumunga
                      last edited by chumunga

                      @Quasiguru as for the deleting well to be fair, I didn't actually run find / -name snort -delete , I actually used ls -lRh /var/ | grep snort then copied and paste the exact filename I wanted to delete instead of "snort" (this was for the sake of brevity) and for path I used /var/. I personally don't like to run find -delete at root unless I had too.

                      Also I tried your suggestion, unfortunately it didn't work for me.
                      "/usr/local/etc/pkg/repos/pfSense.conf file .... FreeBSD: { enabled: yes } should be set to yes. If it is, change it to no"

                      I will reinstall bare metal, perhaps me accidentally running the script twice could of had some repercussions. I did link this issue to there Github. So, ill give it another go and backup before re-installing UnifiController.

                      Its nice having Unifi run on the PFsense since its going to stay powered on anyways, worth trying for me.

                      >>> Installing pfSense-pkg-ntopng... 
                      Updating pfSense-core repository catalogue...
                      pfSense-core repository is up to date.
                      Updating pfSense repository catalogue...
                      pfSense repository is up to date.
                      All repositories are up to date.
                      The following 17 package(s) will be affected (of 0 checked):
                      
                      Installed packages to be REMOVED:
                      	pfSense: 2.4.5_1
                      	php72-intl: 7.2.29
                      
                      New packages to be INSTALLED:
                      	gdbm: 1.18.1_1 [pfSense]
                      	graphviz: 2.42.2_3 [pfSense]
                      	jbigkit: 2.1_1 [pfSense]
                      	jpeg-turbo: 2.0.3 [pfSense]
                      	libgd: 2.2.5_2,1 [pfSense]
                      	libsodium: 1.0.18 [pfSense]
                      	mysql57-client: 5.7.30_1 [pfSense]
                      	ndpi: 3.0.d20191021,1 [pfSense]
                      	ntopng: 3.8.d20191111,1 [pfSense]
                      	pfSense-pkg-ntopng: 0.8.13_5 [pfSense]
                      	protobuf: 3.9.2,1 [pfSense]
                      	redis: 5.0.7_2 [pfSense]
                      	tiff: 4.1.0 [pfSense]
                      	webfonts: 0.30_14 [pfSense]
                      	webp: 1.0.3_1 [pfSense]
                      
                      Number of packages to be removed: 2
                      Number of packages to be installed: 15
                      
                      The process will require 123 MiB more space.
                      15 MiB to be downloaded.
                      
                      Q 1 Reply Last reply Reply Quote 0
                      • Q Offline
                        Quasiguru @chumunga
                        last edited by

                        @chumunga said in Snort previously installed... and its gone:

                        @Quasiguru as for the deleting well to be fair, I didn't actually run find / -name snort -delete , I actually used ls -lRh /var/ | grep snort then copied and paste the exact filename I wanted to delete instead of "snort" (this was for the sake of brevity) and for path I used /var/. I personally don't like to run find -delete at root unless I had too.

                        Also I tried your suggestion, unfortunately it didn't work for me.
                        "/usr/local/etc/pkg/repos/pfSense.conf file .... FreeBSD: { enabled: yes } should be set to yes. If it is, change it to no"

                        I will reinstall bare metal, perhaps me accidentally running the script twice could of had some repercussions. I did link this issue to there Github. So, ill give it another go and backup before re-installing UnifiController.

                        Its nice having Unifi run on the PFsense since its going to stay powered on anyways, worth trying for me.

                        >>> Installing pfSense-pkg-ntopng... 
                        Updating pfSense-core repository catalogue...
                        pfSense-core repository is up to date.
                        Updating pfSense repository catalogue...
                        pfSense repository is up to date.
                        All repositories are up to date.
                        The following 17 package(s) will be affected (of 0 checked):
                        
                        Installed packages to be REMOVED:
                        	pfSense: 2.4.5_1
                        	php72-intl: 7.2.29
                        
                        New packages to be INSTALLED:
                        	gdbm: 1.18.1_1 [pfSense]
                        	graphviz: 2.42.2_3 [pfSense]
                        	jbigkit: 2.1_1 [pfSense]
                        	jpeg-turbo: 2.0.3 [pfSense]
                        	libgd: 2.2.5_2,1 [pfSense]
                        	libsodium: 1.0.18 [pfSense]
                        	mysql57-client: 5.7.30_1 [pfSense]
                        	ndpi: 3.0.d20191021,1 [pfSense]
                        	ntopng: 3.8.d20191111,1 [pfSense]
                        	pfSense-pkg-ntopng: 0.8.13_5 [pfSense]
                        	protobuf: 3.9.2,1 [pfSense]
                        	redis: 5.0.7_2 [pfSense]
                        	tiff: 4.1.0 [pfSense]
                        	webfonts: 0.30_14 [pfSense]
                        	webp: 1.0.3_1 [pfSense]
                        
                        Number of packages to be removed: 2
                        Number of packages to be installed: 15
                        
                        The process will require 123 MiB more space.
                        15 MiB to be downloaded.
                        

                        Like I said do not run the standard script run the one from my pull request instead. Running the script multiple times also will not cause a package repo issue either. The script does not effect the repos used...

                        1 Reply Last reply Reply Quote 0
                        • C Offline
                          chumunga
                          last edited by

                          So I finally reinstalled, after some interesting research from netgate manual, i learned that this could be an issue with my disk itself. These are the articles

                          https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-check.html

                          https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-usage.html

                          Althought S.M.A.R.T didn't show anything concerning on PFSense, I recall one of these drives I used is failing. Since I intend to use pfsense personally (and for learning) I replaced the drives and configured a RAID 1, black friday amazon $25 for 240GB Kingston not bad.

                          @Quasiguru I am not a Github Guru or a dev by any means, and GitHub's UI doesn't really make a whole lot of sense to me, I thought pull request was for contributors who are requesting changes.

                          Here is what I was intending to use as well as what I used previously.

                          https://github.com/gozoinks/unifi-pfsense

                          which has that simple to run one-liner :)

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator
                            last edited by stephenw10

                            Mmm, unclear which PR that might be: https://github.com/gozoinks/unifi-pfsense/pulls

                            Edit:
                            Oh wait I see it linked now: https://github.com/gozoinks/unifi-pfsense/pull/215

                            And, yeah, links to a different install script.

                            1 Reply Last reply Reply Quote 0
                            • Q Offline
                              Quasiguru
                              last edited by

                              Hey chumunga my pull request is 215, I fixed a lot of problems that were broken in the original script. This one liner will install 6.0.36...

                              fetch -o - https://git.io/JIIj5 | sh -s

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.