Snort 2.9.1 pkg v. 2.1.1 Error.
-
Just upgraded to the latest version and have this error.
snort[52276]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_SSLPP (IPV6) version 1.1.4 (-2)
Anybody have an idea what is SF_SSLPP? so that I can head in the right direction to start debugging?
I'm on 2.1-Dev.
Thanks in Advance! :)
-
After some un-installs, reinstalls, reconfigurations, i managed to get it to show another message.
snort[8624]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic\s+' in rule [3:13308] is used before it is defined.
Snort is running as 2.9.1, whereas the current snort rule copy belongs to 2.9.0.5 after setting up the oink codes. Is there a bug here?
-
You should describe what you are doing to get this error!
-
Well, this error came with a clean install of the latest Snort 2.9.1 v2.1.1.. :-\
I then configured a new interface, enabled just one rule and checked on all the preprocessing.
The initial SF_SSLPP error, I believed is because of some clashes in packages as I have installed some Snort 2.9.2 installed via cli using pkg_add. After I do a pkg_delete of Snort 2.9.2 and a sweep of the common locations where snort stores its files, I reinstalled from the GUI 2.9.1 v2.1.1 again. So it gave me this new error of "FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic\s+' in rule [3:13308] is used before it is defined."
-
After some un-installs, reinstalls, reconfigurations, i managed to get it to show another message.
snort[8624]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic\s+' in rule [3:13308] is used before it is defined.
Snort is running as 2.9.1, whereas the current snort rule copy belongs to 2.9.0.5 after setting up the oink codes. Is there a bug here?
I got the same error a week ago when I tried to setup snort 2.9.1 on AMD64 2.1-DEV a week ago. I was never able to fix it, but it's gone now when I'm running latest Snort package on i386.
Try unchecking all rules and see if you still get the error. Also, enable all pre-processors and see if that helps.
If it fails, remove package and remove (if any remain) traces of the "installed" snort package. Check em' by issuing the following in your ssh shell.
find /* | grep snortJust don't remove package cache and that stuff.
-
Some updates,
When I tried to isolate the issue, I realised that "FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic\s+' in rule [3:13308] is used before it is defined" is actually caused by snort rules. When I didn't download the snort rules, but downloaded EmergingThreats rules, Snort will be able to run without crashing. After I downloaded the snort rules, the FATAL ERROR came in.
-
I'm running a new install of v2.0.1 of pfS (i386). Trying to install Snort from the packages area gives me the following:
===============================
Beginning package installation for snort…
Downloading package configuration file... done.
Saving updated package information... done.
Downloading snort and its dependencies...
Checking for package installation...
Downloading http://files.pfsense.org/packages/8/All/snort-2.9.2.3.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/snort-2.9.2.3.tbz.
of snort-2.9.2.3 failed!Installation aborted.Backing up libraries...
Removing package...
Starting package deletion for mysql-client-5.1.53...done.
Starting package deletion for snort-2.9.2.3...done.
Starting package deletion for perl-threaded-5.10.1_3...done.
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
Include file snort.inc could not be found for inclusion.
Deinstall commands...
Not executing custom deinstall hook because an include is missing.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
Cleaning up... Failed to install package.Installation halted.
Any help on installing would be appreciated. Thanks in advance.
-
Trying to install SNORT and get this:
Beginning package installation for snort…
Downloading package configuration file... done.
Saving updated package information... done.
Downloading snort and its dependencies...
Checking for package installation...
Downloading http://files.pfsense.org/packages/8/All/snort-2.9.2.3.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/snort-2.9.2.3.tbz.
of snort-2.9.2.3 failed!Installation aborted.Backing up libraries...
Removing package...
Starting package deletion for mysql-client-5.1.53...done.
Starting package deletion for snort-2.9.2.3...done.
Starting package deletion for perl-threaded-5.10.1_3...done.
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
Include file snort.inc could not be found for inclusion.
Deinstall commands...
Not executing custom deinstall hook because an include is missing.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
Cleaning up... Failed to install package.Installation halted.
-
I get the same error. Thats becouse package snort-2.9.2.3.tbz from this link http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/snort-2.9.2.3.tbz or from pfsense repository http://files.pfsense.org/packages/8/All/snort-2.9.2.3.tbz doesnt exist . If you take a look at root ftp directoryon FreeBSD u will see that packages-8.1-release directory doesn exist, only thouse directory :
packages-8-stable/ 2012-Jun-07 06:23:01 - Directory
packages-8.2-release/ 2011-Feb-17 07:49:54 - Directory
packages-8.3-release/ 2012-Mar-29 00:26:51 - Directory
…........................... and other ...... :)
And also in official repository file snort-2.9.2.3.tbz doesnt exist.
As i know latest release of pfsense is based on 8.1 FreBSD release. At this moment i will try to and change the path of snort-2.9.2.3.tbz file to http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-8-release/All/snort-2.9.2.3.tbz or to official old package snort-2.9.0.5.tbz http://files.pfsense.org/packages/8/All/snort-2.9.0.5tbz . This is my first time when i try to change something in pfsense :) and i dont know what is the file from where pfsense take data to install packages. If any one can help me with that i think we can solve the problem .. I will do some research :) wish me luck -
this isn't the reason why btw… pfsense packages dont download from freebsd repository. they come from files.pfsense.org.. read my post http://forum.pfsense.org/index.php/topic,50301.msg267674.html#msg267674
-
search the forum before posting
http://forum.pfsense.org/index.php/topic,50301.msg267674.html#msg267674
-
Ok i get it , the reason is ..package is missing … as i saw :( all i whant to know is from where pfsense takes data for package install, becouse at least i can try to change the path to install and use the old package snort-2.9.0.5 until the new one comes.
-
you'll find it here http://files.pfsense.org/packages/8/All/ I have a feeling its not going to work because the package install via gui is going to fail because it the file isn't there right now.
-
Same problem here.
-
Just ran into the same issue here. I hope they place the latest snort package in the appropriate folder soon.
-
I tried upgrading the snort package, same error, the second URL, http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/snort-2.9.2.3.tbz, returns a 404 not found error.
-
http://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/All/snort-2.9.2.3.tbz
That is a corrected path for the amd64 release. It appears the 8.1 path no longer exists.
-
i386 is at http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/snort-2.9.2.3.tbz
Don't we need snort package compiled for pfsense? -
Don't we need snort package compiled for pfsense?
yes because there is a patch that is needed so it can integrate into pfsense for auto blocking
-
in my case
rm -r /var/db/pkg/snort-2.9.0.5_1
pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/All/snort-2.9.2.3.tbzThen I try to install snort 2.9.2.3 from pfsense package manager again. It's only install perl-threaded-5.10.1_3.tbz from package manager.
Now snort 2.9.2.3 is running on my PfSense 2.0.1 i386