Snort 2.9.1 pkg v. 2.1.1 Error.
-
It will be located here: http://files.pfsense.org/packages/8/All/ when it's built
Thanks for all the info :)
-
Try again after reinstalling snort.
-
@ermal:
Try again after reinstalling snort.
@ermal ah, life is good again.. Thank you sir! I uninstalled, ran 'find /* | grep -i snort | xargs rm -rv' just to be sure then a installed.. Saved the Global page(cron job creation) updated the rules and snort and barnyard started right up!! No more manually install barnyard2….. thank you again sir!
P.S thank you for breaking out the alert file by interface! Big plus there, nice to see alerts by interface. Doing this does break the snort widget on the dashboard tho :-( I changed log file its looking for but that didn't work for me... With the changes made to the alerts page, this widget would need some work to get working again... I can live without for now.. the new alert page is the better trade off IMHO
-
Well, I did everything again just now and I'm still getting:
Jun 13 11:37:34 php: /pkg_mgr_install.php: The command '/usr/local/etc/rc.d/snort.sh stop' returned exit code '1', the output was 'rm: /tmp/snort.sh.pid: No such file or directory rm: /var/run/snort*: No such file or directory'
-
Well, I did everything again just now and I'm still getting:
Jun 13 11:37:34 php: /pkg_mgr_install.php: The command '/usr/local/etc/rc.d/snort.sh stop' returned exit code '1', the output was 'rm: /tmp/snort.sh.pid: No such file or directory rm: /var/run/snort*: No such file or directory'
How are you starting it? From the service menu or from snort? I start mine from the snort menu, and click on every interface I want to start/stop…
-
How are you starting it? From the service menu or from snort? I start mine from the snort menu, and click on every interface I want to start/stop…
Both. Snort and service menu, same error on both ways.
If I do on shell:
[2.1-BETA0][root@**]/usr/local/etc/rc.d(25): ./snort.sh stop
rm: /tmp/snort.sh.pid: No such file or directory
rm: /var/run/snort: No such file or directory
Same thing.
[2.1-BETA0][root@***]/usr/local/etc/rc.d(26): ./snort.sh start
rm: /var/run/snort_59419_pppoe0.pid: No such file or directory
./snort.sh: /usr/local/bin/snort: not found
o.O
I did everything, I even deleted my snort config and did all from scratch again. Same result. :(
-
I manually uploaded snort (bin) and now I'm back to ZERO:
Jun 13 12:39:10 snort[5794]: FATAL ERROR: parser.c(5302) Could not stat dynamic module path "/usr/local/lib/snort/dynamicpreprocessor": No such file or directory.
-
Fixed.
I had to manually upload all those files, I have no idea WHY they weren't installed!
-
Fixed.
I had to manually upload all those files, I have no idea WHY they weren't installed!
something with your box… it created them for me and few other users
-
Fixed.
I had to manually upload all those files, I have no idea WHY they weren't installed!
Gradius, could you please explain how you manually updated those files as well, as I am getting the same error. Beforehand I was getting the errors more or less everyone was seeing. I enabled all the preprocessors etc. beforehand as well, before downloading my rules with the oink code.
Thanks and appreciate your input.
-
Gradius, could you please explain how you manually updated those files as well, as I am getting the same error. Beforehand I was getting the errors more or less everyone was seeing. I enabled all the preprocessors etc. beforehand as well, before downloading my rules with the oink code.
Thanks and appreciate your input.
@Cino: is some bug for real, my box is perfectly fine. :-) Is a Gigabyte MB running a trusty P4 3.60GHz (no overclock at all). Also, I'm only using Intel NIC (recent ones, not those old). Hardware is 2 years old (MB, CPU & cooler only). Also using brand new HDD Western Digital (no CF).
@FlashPan: the simple way (I'm tired broken head all the time with IT lol) is: http://dl.bitvise.com/Tunnelier-Inst.exe
Freeware and superb, of course you can also register for commercial use: http://www.bitvise.com/tunnelier
I just downloaded from packages link listed here early to PC (win7) used WinRAR to unpack, and just uploaded the necessary files to my pF box, with tunnelier you can use SFTP it has GUI and all, super easy to use.
Once uploaded the files, I just SSHed the pF box and confirmed if the rights (chown/chmod) of those files are correct.
After that you can just start from pF's WebGUI or use shell, that's all. It's a bug for sure.
-
just no more networking slang for me on the forums… box being your installation of pfsense... not your hardware.
Since another user is having the same issue... Are you running AMD or i386? I'm running i386 with no issues right now... well, other than some netlist/whitelist IPv6 issues, but it's not supported by pfsense I think at this time.
-
After new update, got the same error, had to put the files manually there again (except snort bin).
Always used i386:
2.1-BETA0 (i386)
built on Wed Jun 13 08:12:22 EDT 2012
FreeBSD 8.3-RELEASE-p3
After snort re-start I'm getting this:
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.Evil' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.Evil' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.DROPIP' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.DROPIP' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'is_proto_irc' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'is_proto_irc' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: IP tracking disabled, no IP sessions allocated
Jun 13 18:25:21 snort[23037]: IP tracking disabled, no IP sessions allocated
Jun 13 18:25:21 snort[23037]: WARNING: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option.
Jun 13 18:25:21 snort[23037]: WARNING: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option.
I don't know how bad (or good?) that is.
About my box, cannot be since config is really simple and not big at all and did upgrade from 2.0.1 to 2.1-beta. On 2.0.1 I never had such issues.
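Added example, not part of the thread or of the pfSense package: a small shell function that condenses flowbits startup warnings like the ones quoted above into one line per key. A key that is "checked but not ever set" means the enabled rules test a bit that no enabled rule sets, so rules requiring that bit to be set cannot match; "set but not ever checked" is only noise. The names `flowbits_summary` and `SAMPLE_LOG` are made up for this example, and the sample lines are constructed in the format of the post.

```shell
#!/bin/sh
# Added example: summarise Snort flowbits startup warnings from syslog text.
# Sample input constructed in the format of the warnings quoted in the post.
SAMPLE_LOG="Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.Evil' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.Evil' is set but not ever checked.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'is_proto_irc' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'is_proto_irc' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set.
Jun 13 18:25:21 snort[23037]: IP tracking disabled, no IP sessions allocated"

# stdin:  syslog text, one message per line
# stdout: "<kind> <key>", one line per unique key, sorted
#   never-set  = tested by a rule, but no enabled rule sets it
#   never-read = set by a rule, but no enabled rule tests it
flowbits_summary() {
    awk -F"'" '
        /WARNING: flowbits key/ {
            key = $2                      # text between the single quotes
            if ($3 ~ /checked but not ever set/)      kind = "never-set"
            else if ($3 ~ /set but not ever checked/) kind = "never-read"
            else next
            if (!seen[kind " " key]++) print kind, key   # drop duplicate lines
        }' | LC_ALL=C sort
}

# Demo on the constructed sample; on a firewall, pipe the system log in instead.
printf '%s\n' "$SAMPLE_LOG" | flowbits_summary
```

The `never-set` keys are the ones worth following up: they point at rule categories whose setter rules are not enabled.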
-
For some reason the latest version is not updating the files if you try to reinstall, or delete and install snort.
try this command from the command line:
pkg_add -f http://files.pfsense.org/packages/8/All/snort-2.9.2.3.tbz
This has worked for me as it forces the install. You should see the files and objects after you run this command.
-
@mschiek01: I'm running fine again, I'll try that on next update.
Btw, my local time is BRT however on WebGUI only shows Wed Jun 13 21:47:37 UTC 2012.
It should be your zone (localtime) not UTC !
-
For some reason the latest version is not updating the files if you try to reinstall, or delete and install snort.
try this command from the command line:
pkg_add -f http://files.pfsense.org/packages/8/All/snort-2.9.2.3.tbz
This has worked for me as it forces the install. You should see the files and objects after you run this command.
I forgot about that… I'm running 2.1beta0 also but since I didn't like PBI packages, I manually added 2.0.1 pkg manager code on to my box... When I install pfsense packages, it installs the TBZ file and not the PBI file... If other users running 2.1beta0 can confirm they are having the same issue, then the problem lies with the PBI package since the TBZ package seems to install snort correctly.
@Gradius it's hard to capture the snort log since it can output hundreds of lines on start up... usually the last 10 lines or so will have the error on why it didn't start... I can't remember what the warnings mean, you would have to ask on a snort forum... but they have to do with the rules that were enabled
-
The tbz file exhibits this behavior as well. At least it does for me on both 2.0 and 2.1beta. If you want to try it for yourself, just go into the package manager in the GUI and click the reinstall button. Afterwards, before or after you do the rules update, browse /usr/local/lib/snort/ and you will notice the files are not all there; they are being deleted on the reinstall but not installed. Or you can just try to start snort. I have tested this and it is happening.
-
Yes, after every new update /usr/local/lib/snort/ is deleted and not re-installed. So on every update I'm forced to upload those deleted files manually, then update manually, and after all that, manually start snort.
This is very annoying. ::)
The deleted directories are:
dynamicengine
dynamicpreprocessor
dynamicrules
dynamic_preproc
I never had such issues on 2.0.1 (same config).
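Added example, not part of the thread or of the pfSense package: a shell check to run after a package reinstall or update, before starting snort, that confirms the snort binary and the four module directories listed above are present and not empty. The paths are the ones named in the thread; the function name `check_snort_install` and the optional `SNORT_ROOT` prefix (for trying the check against a scratch tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that a snort (re)install left its files in place.
# Directory names are the ones the thread reports as deleted on update.
SNORT_DIRS="dynamicengine dynamicpreprocessor dynamicrules dynamic_preproc"

# $1: optional root prefix (empty on the firewall itself).
# Prints one line per problem; returns the number of problems found.
check_snort_install() {
    root="${1:-}"
    missing=0
    if [ ! -x "$root/usr/local/bin/snort" ]; then
        echo "MISSING binary: $root/usr/local/bin/snort"
        missing=$((missing + 1))
    fi
    for d in $SNORT_DIRS; do
        dir="$root/usr/local/lib/snort/$d"
        if [ ! -d "$dir" ]; then
            echo "MISSING dir: $dir"
            missing=$((missing + 1))
        elif [ -z "$(ls -A "$dir" 2>/dev/null)" ]; then
            # Directory exists but holds no modules: snort still cannot load them.
            echo "EMPTY dir: $dir"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ] && echo "OK: snort binary and module directories present"
    return "$missing"
}

# SNORT_ROOT is a hypothetical override for testing; unset means the live system.
check_snort_install "${SNORT_ROOT:-}" || echo "Do not start snort yet: $? item(s) missing"
```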