Snort and Suricata problems with the new PHP 8.1 and FreeBSD Main Snapshots
-
@nollipfsense, you are likely hitting the issue I described in this post way back at the top of this thread: https://forum.netgate.com/topic/174915/snort-and-suricata-problems-with-the-new-php-8-1-and-freebsd-main-snapshots/5.
The problem is with pkg in pfSense and not with the Suricata (or Snort) packages themselves. There are also other pfSense packages that are currently impacted by this issue. The Netgate team is looking into it.
-
@bmeeks Okay, I removed, reinstalled, same, then removed settings, removed, rebooted, then reinstalled and got the same result. One thing I noticed after the clean install was that service status was showing Suricata had not started despite Suricata not having been enabled or configured.
-
@nollipfsense said in Snort and Suricata problems with the new PHP 8.1 and FreeBSD Main Snapshots:
@bmeeks Okay, I removed, reinstalled, same, then removed settings, removed, rebooted, then reinstalled and got the same result. One thing I noticed after the clean install was that service status was showing Suricata had not started despite Suricata not having been enabled or configured.
Did you perform the steps outlined in the post I referenced from earlier? If not, go to Post #5 in this thread and perform the steps listed there after installing the package. Or, reboot your firewall after installing the package. Either of those steps will clear the block that the pkg utility gets itself locked into when attempting to start a daemon as part of package installation.
If Suricata is installed, it is perfectly normal for it to show up in the Services Status widget as it installs its binary part as a service that is started by the OS at boot.
-
@bmeeks So, I played around by reinstalling even though I never experienced any hanging and always got the green success bar. Same as before, not showing it started, except this time pfSense system logs show Suricata started:
Dec 15 22:11:03 php-fpm 365 Starting Suricata on WAN(em0) per user request...
Dec 15 22:11:03 php 57998 [Suricata] Updating rules configuration for: WAN ...
Dec 15 22:11:03 php 57998 [Suricata] Building new sid-msg.map file for WAN...
Dec 15 22:11:03 php 57998 /tmp/suricata_em048136_startcmd.php: Configuration Change: (system): Removed cron job for suricata_check_for_rule_updates.php
Dec 15 22:11:03 check_reload_status 394 Syncing firewall
Dec 15 22:11:03 php 57998 [Suricata] Suricata START for WAN(em0)...
-
So, after several updates, the Nov 24, 2022 snapshot instance wasn't changing the result with Suricata. I completely deleted the instance and installed the Dec 23, 2022 snapshot and restored from backup... glad to report all is good.