Crash Report
-
Not sure where to post these reports,.. I assumed there might be a top level topic or something to post these to...
But if I have missed it somewhere I apologise..
2.7.1-RELEASE (amd64)
built on Fri Nov 17 23:03:00 GMT 2023
FreeBSD 14.0-CURRENTBut here is my crash report:-
[03-Dec-2023 15:59:17 Europe/London] PHP Fatal error: Uncaught ValueError: date_create_from_format(): Argument #2 ($datetime) must not contain any null bytes in /usr/local/www/widgets/widgets/suricata_alerts.widget.php:183 Stack trace: #0 /usr/local/www/widgets/widgets/suricata_alerts.widget.php(183): date_create_from_format('m/d/Y-H:i:s.u', '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...') #1 /usr/local/www/widgets/widgets/suricata_alerts.widget.php(78): suricata_widget_get_alerts() #2 {main} thrown in /usr/local/www/widgets/widgets/suricata_alerts.widget.php on line 183Hope this is useful to someone...
-
What version of Suricata is that?
You should upgrade to 2.7.2 though.
Steve
-
@diyhouse said in Crash Report:
Not sure where to post these reports,.. I assumed there might be a top level topic or something to post these to...
But if I have missed it somewhere I apologise..
2.7.1-RELEASE (amd64)
built on Fri Nov 17 23:03:00 GMT 2023
FreeBSD 14.0-CURRENTBut here is my crash report:-
[03-Dec-2023 15:59:17 Europe/London] PHP Fatal error: Uncaught ValueError: date_create_from_format(): Argument #2 ($datetime) must not contain any null bytes in /usr/local/www/widgets/widgets/suricata_alerts.widget.php:183 Stack trace: #0 /usr/local/www/widgets/widgets/suricata_alerts.widget.php(183): date_create_from_format('m/d/Y-H:i:s.u', '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...') #1 /usr/local/www/widgets/widgets/suricata_alerts.widget.php(78): suricata_widget_get_alerts() #2 {main} thrown in /usr/local/www/widgets/widgets/suricata_alerts.widget.php on line 183Hope this is useful to someone...
The fix for that issue is in the latest Suricata package update (version 7.0.2_1). If you have not yet updated pfSense to the latest release, do that and then update Suricata AFTER you have updated pfSense to the latest version. You should NOT update Suricata until you are on the current pfSense release (23.09.1 for Plus or 2.7.2 for CE).
-
Many tx guys for the responses..
Just to clarify.. suricata is at 7.0.2_1, and was recently updated when pfsense flagged it as 'updatable'.. (whilst on a base of 2.7.1)
At that point in time, base pfsense was not showing an available update... although this morning when I look 2.7.2 is showing as available,.. don't think I missed the 'update offer', but who knows.
Should I update suricata, again,. Following update to 2.7.2 ?
Tx again..... -
When you upgrade to 2.7.2 it will pull in the current Suricata pkg anyway.
-
2.7.2 Update complete,.. everything in the green,.. no additional updates showing etc.
Many tx guys... -
And further,.. have just updated as follows:-
Installed packages to be UPGRADED: pfSense-pkg-suricata: 7.0.2_1 -> 7.0.2_2 [pfSense] suricata: 7.0.2_4 -> 7.0.2_5 [pfSense]I guess there are some other little fixes being applied.
But one last question,... looking at the end of the update log stream... I get the following,..Executing custom_php_resync_config_command()...done. Menu items... done. Services... done. Writing configuration... done. You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed. You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed. >>> Cleaning up cache... done. Success. if it is no longer needed.,.. how do mere mortals know if it is needed or not,...
do I need these files, or not?
Tx -
Those instructions only apply to FreeBSD users. You should not need to do anything outside the package system in pfSense.
-
@diyhouse said in Crash Report:
And further,.. have just updated as follows:-
Installed packages to be UPGRADED: pfSense-pkg-suricata: 7.0.2_1 -> 7.0.2_2 [pfSense] suricata: 7.0.2_4 -> 7.0.2_5 [pfSense]I guess there are some other little fixes being applied.
But one last question,... looking at the end of the update log stream... I get the following,..Executing custom_php_resync_config_command()...done. Menu items... done. Services... done. Writing configuration... done. You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed. You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed. >>> Cleaning up cache... done. Success. if it is no longer needed.,.. how do mere mortals know if it is needed or not,...
do I need these files, or not?
Tx@stephenw10 has the correct answer. Instructions you see scroll by at the end of the binary portion of package installations are meant for consumption by folks using the package on plain-vanilla FreeBSD installs with no GUI. Those messages should be ignored by pfSense users. Since they are bundled with the binary as it comes from upstream, removing them or customizing them for pfSense would mean making and maintaining edits for every single third-party package. Not worth the effort.
That file was formerly used by Suricata, but is no longer required and is ignored. It hurts nothing to still have it in the distro, though. Snort does still want that file, so that's why it remains for now.
