Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort Stable 2.9.2.3 pkg v. 2.2 Failed

    pfSense Packages
    33
    102
    26765
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      chowtamah last edited by

      I tried to upgrade the snort and I got this message ::)…

      Checking for package installation...
      Downloading http://files.pfsense.org/packages/amd64/8/All/snort-2.9.2.3.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/snort-2.9.2.3.tbz.
      of snort-2.9.2.3 failed!

      Any work around?

      2.0.1-RELEASE (amd64) built on Mon Dec 12 18:16:13 EST 2011  FreeBSD 8.1-RELEASE-p6

      2.0.2-RELEASE (amd64)  &  2.2.2-RELEASE (amd64)

      Always trying to learn!!

      1 Reply Last reply Reply Quote 0
      • D
        digdug3 last edited by

        Got the same problem upgrading from  2.9.1 pkg v. 2.1.1  to 2.9.2.3 pkg v. 2.1.1 on pfSense 2.0.1 AMD64
        "snort installation failed"

        1 Reply Last reply Reply Quote 0
        • A
          autarkis last edited by

          Getting same error on i386 install.

          When you check the repositories, it seems the FreeBSD 8.1-Release directory is gone.

          Not sure how to modify the package, so now i dont have a snort install…  ::)

          1 Reply Last reply Reply Quote 0
          • C
            chowtamah last edited by

            I had changed back to PFsense 1.2.3 (Standby box) as I can't control torrents without snort!!

            2.0.2-RELEASE (amd64)  &  2.2.2-RELEASE (amd64)

            Always trying to learn!!

            1 Reply Last reply Reply Quote 0
            • P
              pfsparc last edited by

              Got the same issue when I tried to upgrade Snort to : Stable 2.9.2.3 pkg v. 2.1.1 platform: 2.0

              Beginning package installation for snort...
              Downloading package configuration file... done.
              Saving updated package information... done.
              Downloading snort and its dependencies... 
              Checking for package installation... 
               Downloading http://files.pfsense.org/packages/8/All/snort-2.9.2.3.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/snort-2.9.2.3.tbz.
              of snort-2.9.2.3 failed!
              
              Installation aborted.Backing up libraries... 
              Removing package...
              Starting package deletion for mysql-client-5.1.53...done.
              Starting package deletion for snort-2.9.2.3...done.
              Starting package deletion for perl-threaded-5.10.1_3...done.
              Removing snort components...
              Menu items... done.
              Services... done.
              Loading package instructions...
              Include file snort.inc could not be found for inclusion.
              Deinstall commands... 
              Not executing custom deinstall hook because an include is missing.
              Removing package instructions...done.
              Auxiliary files... done.
              Package XML... done.
              Configuration... done.
              Cleaning up... Failed to install package.
              
              Installation halted.
              

              And it deleted the current install  :-(

              1 Reply Last reply Reply Quote 0
              • _
                _igor_ last edited by

                same here :(

                1 Reply Last reply Reply Quote 0
                • V
                  vito last edited by

                  me also :(

                  1 Reply Last reply Reply Quote 0
                  • C
                    Cino last edited by

                    i just check github https://github.com/bsdperimeter/pfsense-packages/commit/868e1e048cae773da3b63b1d15b3e6340386df9c and and the binary was updated for the pfsense package… since packages are built custom for pfsense, they need to be compiled. Once its done, it will be located here: http://files.pfsense.org/packages/8/All/

                    not sure when it will be built, that is a question for ermal

                    1 Reply Last reply Reply Quote 0
                    • S
                      sronsen last edited by

                      Same issue here.  At the least, please post instructions as to downloading and reinstalling previous version - FAST!

                      1 Reply Last reply Reply Quote 0
                      • B
                        borgotech last edited by

                        I found why .. take a look here http://forum.pfsense.org/index.php/topic,50313.msg267699.html#msg267699.

                        1 Reply Last reply Reply Quote 0
                        • C
                          Cino last edited by

                          @borgotech:

                          I found why .. take a look here http://forum.pfsense.org/index.php/topic,50313.msg267699.html#msg267699.

                          that isn't the reason why, read my post from earlier

                          1 Reply Last reply Reply Quote 0
                          • _
                            _igor_ last edited by

                            uuh yeah, would be great if the old version was still online to reinstall…

                            1 Reply Last reply Reply Quote 0
                            • S
                              sirWest last edited by

                              Also the same problem, should be a trivial fix by mods… sadly no rollback option so running w/o protection until fixed :/

                              1 Reply Last reply Reply Quote 0
                              • P
                                pfnewbe last edited by

                                Here also same problem… Packages-tab where saying there was an update for snort.
                                During upgrade old package removed and new one cant be downloaded...  :'(
                                Have anyone already made a bug-report to staff?

                                1 Reply Last reply Reply Quote 0
                                • Z
                                  zer0 0 last edited by

                                  I'm having the same issue,
                                  It seems that if you enter http://files.pfsense.org/packages/8/All/ in your browser, the file that pfsense is trying to get "snort-2.9.2.3.tbz" is not there. Though there is "Snort-2.9.2.tbz" and older versions.
                                  Are the URLS of these packages hard coded into pfsense or something?

                                  There has got to be a way to install it manually..

                                  1 Reply Last reply Reply Quote 0
                                  • C
                                    chowtamah last edited by

                                    From another thread, I come to know that, snort-2.9.2.3.tbz is available here,

                                    amd64 is at http://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/All/snort-2.9.2.3.tbz
                                    i386 is at http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/snort-2.9.2.3.tbz

                                    But, whether snort build updated to this link?

                                    I am managing the show with old box.

                                    2.0.2-RELEASE (amd64)  &  2.2.2-RELEASE (amd64)

                                    Always trying to learn!!

                                    1 Reply Last reply Reply Quote 0
                                    • P
                                      pfnewbe last edited by

                                      @zer0:

                                      There has got to be a way to install it manually..

                                      I agree.
                                      The only problem is all the correct dependencies with other packages.
                                      I think the easiest way is to change the index back so it's possible to install the 2.9.2 version and put 2.9.2.3 only in when it's really available.

                                      1 Reply Last reply Reply Quote 0
                                      • C
                                        Cino last edited by

                                        @zer0:

                                        I'm having the same issue,
                                        It seems that if you enter http://files.pfsense.org/packages/8/All/ in your browser, the file that pfsense is trying to get "snort-2.9.2.3.tbz" is not there. Though there is "Snort-2.9.2.tbz" and older versions.
                                        Are the URLS of these packages hard coded into pfsense or something?

                                        There has got to be a way to install it manually..

                                        pfsense packages are hard coded… search the wiki and the forum for the reason why... but if you install package/port, it could install a file and can break pfsense. Snort-2.9.2.tbz GUI was never completed, it used a patches to communicate with pf i believe. I started a new topic request the dev to change the package so it would download the old binary until the new is built and is tested

                                        1 Reply Last reply Reply Quote 0
                                        • R
                                          rajbps last edited by

                                          Hiya,

                                          Is nayone getting this error;

                                          eginning package installation for snort…
                                          Downloading package configuration file... done.
                                          Saving updated package information... done.
                                          Downloading snort and its dependencies...
                                          Checking for package installation...
                                          Downloading http://files.pfsense.org/packages/amd64/8/All/barnyard2-1.9_2.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/barnyard2-1.9_2.tbz.
                                          of barnyard2-1.9_2 failed!

                                          Installation aborted.Backing up libraries...
                                          Removing package...
                                          Starting package deletion for mysql-client-5.1.53...done.
                                          Starting package deletion for barnyard2-1.9_2...done.
                                          Starting package deletion for snort-2.9.2.3...done.
                                          Starting package deletion for perl-threaded-5.12.4_4...done.
                                          Removing snort components...
                                          Menu items... done.
                                          Services... done.
                                          Loading package instructions...
                                          Include file snort.inc could not be found for inclusion.
                                          Deinstall commands...
                                          Not executing custom deinstall hook because an include is missing.
                                          Removing package instructions...done.
                                          Auxiliary files... done.
                                          Package XML... done.
                                          Configuration... done.
                                          Cleaning up... Failed to install package.

                                          Installation halted.

                                          Any help is welcome

                                          Cheers,

                                          Raj

                                          1 Reply Last reply Reply Quote 0
                                          • T
                                            taryezveb last edited by

                                            From a thread I started about the same time as you…

                                            2.0.1-RELEASE (amd64)
                                            built on Mon Dec 12 18:43:51 EST 2011
                                            FreeBSD 8.1-RELEASE-p6

                                            In case the Snort devs do not know this. Or maybe it is just me?

                                            Installation of snort FAILED!
                                            
                                            Beginning package installation for snort...
                                            Downloading package configuration file... done.
                                            Saving updated package information... done.
                                            Downloading snort and its dependencies... 
                                            Checking for package installation... 
                                             Downloading http://files.pfsense.org/packages/amd64/8/All/barnyard2-1.9_2.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/barnyard2-1.9_2.tbz.
                                            of barnyard2-1.9_2 failed!
                                            
                                            Installation aborted.Backing up libraries... 
                                            Removing package...
                                            Starting package deletion for mysql-client-5.1.53...done.
                                            Starting package deletion for barnyard2-1.9_2...done.
                                            Starting package deletion for snort-2.9.2.3...done.
                                            Starting package deletion for perl-threaded-5.12.4_4...done.
                                            Removing snort components...
                                            Menu items... done.
                                            Services... done.
                                            Loading package instructions...
                                            Include file snort.inc could not be found for inclusion.
                                            Deinstall commands... 
                                            Not executing custom deinstall hook because an include is missing.
                                            Removing package instructions...done.
                                            Auxiliary files... done.
                                            Package XML... done.
                                            Configuration... done.
                                            Cleaning up... Failed to install package.
                                            
                                            Installation halted.
                                            

                                            Will try again later and report back.

                                            1 Reply Last reply Reply Quote 0
                                            • T
                                              taryezveb last edited by

                                              Also as Cino points out..

                                              http://forum.pfsense.org/index.php/topic,50397.msg268281.html#msg268281

                                              @Cino:

                                              noticed that too. barnyard2-1.9_2.tbz isnt built yet.. once its built, you should be good to go

                                              1 Reply Last reply Reply Quote 0
                                              • S
                                                smokes2345 last edited by

                                                you can download the package to your pfsense box from the pfsense repo using wget, then install with pkg_add (in my case it said it was already installed).  The downside to this option is it only installs the command line tools, not the web configuration interface.  To use it you will have to get familiar with the command-line options

                                                Also, as mentioned previously, it's possible you might break something if you install from the standard freebsd repo.  I would guess that risk is minimized if you install from the pfsense repo, but still possible if you install something intended for a different version than what you're using.

                                                My install was failing while trying to install a dependency, barnyard2. 
                                                Downloading http://files.pfsense.org/packages/8/All/barnyard2-1.9_2.tbz …  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/barnyard2-1.9_2.tbz.
                                                of barnyard2-1.9_2 failed!

                                                1 Reply Last reply Reply Quote 0
                                                • T
                                                  tritron last edited by

                                                  There is http://files.pfsense.org/packages/8/All/barnyard2 file so maybe we can work around the issue fetch http://files.pfsense.org/packages/8/All/barnyard2 mv barnyard2 barnyard2-1.9_2.tbz then pkg_add -r barnyard2-1.9_2.tbz
                                                  What if for i386 we use http://mirrors.syringanetworks.net/pub/FreeBSD/ports/i386/packages-stable/security/barnyard2-1.9_2.tbz
                                                  or http://mirrors.syringanetworks.net/pub/FreeBSD/ports/amd64/packages-stable/security/barnyard2-1.9_2.tbz for 64 bit

                                                  1 Reply Last reply Reply Quote 0
                                                  • E
                                                    eri-- last edited by

                                                    Its fixes so just reinstall.

                                                    1 Reply Last reply Reply Quote 0
                                                    • F
                                                      fragged last edited by

                                                      Snort 2.9.2.3 pkg v. 2.2 installs fine without errors, but after setting it up and updating rule files I get an error when I try to start it:

                                                      Snort HARD START For 62994_em0…

                                                      I currently only have EM rules selected.

                                                      2.0.1-RELEASE (amd64)
                                                      built on Mon Dec 12 18:16:13 EST 2011
                                                      FreeBSD 8.1-RELEASE-p6

                                                      Edit:
                                                      I tried to
                                                      1. Remove package + find /* |grep snort -> made sure no snort files are left over.
                                                      2. Rebooted pfsense
                                                      3. Installed Snort + configured it
                                                      4. Same error:  Snort HARD START For 37895_em0...

                                                      I went through the same setup on a vm and I got it working without messing around with anything. Whats going on?

                                                      1 Reply Last reply Reply Quote 0
                                                      • E
                                                        eri-- last edited by

                                                        You are not showing your system log there.
                                                        There will be the cause of that.

                                                        I can expect missing pre processor.

                                                        1 Reply Last reply Reply Quote 0
                                                        • S
                                                          sronsen last edited by

                                                          Finally, it appears that the updated package files and the snort updates are in synch and are working.  However, the update seems to have broken the snort dashboard widget.  It is not updating, although selecting on its header does open the snort alerts window.  Tried removing and reinstalling the widget package to no effect.

                                                          Can someone verify this issue?  Thanks.

                                                          1 Reply Last reply Reply Quote 0
                                                          • C
                                                            Cino last edited by

                                                            @sronsen:

                                                            Finally, it appears that the updated package files and the snort updates are in synch and are working.  However, the update seems to have broken the snort dashboard widget.  It is not updating, although selecting on its header does open the snort alerts window.  Tried removing and reinstalling the widget package to no effect.

                                                            Can someone verify this issue?  Thanks.

                                                            it has… with the recently changes made to the alert page, the widget would probably have to be redone from scratch because the alerts are now broken out by interface, each interface has its own alert file now.....

                                                            1 Reply Last reply Reply Quote 0
                                                            • S
                                                              sekular last edited by

                                                              I uninstalled snort when the install stopped working but my configurations saved across uninstalls. I installed it today and it went through fine. It loaded my previous configuration but no rules as expected (usually does this on updates). So i updated rules and disable and renable interface, checked all settings and enabled only one rule category to test. I get this error in syslog:

                                                              Jun 13 17:42:12 snort[37197]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\sBasic[ \t]+' in rule [3:13308] is used before it is defined.
                                                              Jun 13 17:42:12 snort[37197]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s
                                                              Basic[ \t]+' in rule [3:13308] is used before it is defined.

                                                              Should i wipe all the configurations and start from scratch ?

                                                              1 Reply Last reply Reply Quote 0
                                                              • C
                                                                caustic386 last edited by

                                                                To get this to work, I had to uninstall, then run the following:

                                                                pkg_delete -f snort*
                                                                find / -name snort

                                                                and rm -rf anything that turned up.  Reinstalling with new package fixed it from there, running snort rules and ET.

                                                                1 Reply Last reply Reply Quote 0
                                                                • M
                                                                  mschiek01 last edited by

                                                                  Delete anything in this directory
                                                                  /usr/local/lib/snort/dynamicrules
                                                                  also uncheck any .so rules on your interfaces.

                                                                  Try to start snort

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • S
                                                                    sekular last edited by

                                                                    That has resolved the problem. thanks.

                                                                    1 Reply Last reply Reply Quote 0
                                                                    • F
                                                                      fragged last edited by

                                                                      @ermal:

                                                                      You are not showing your system log there.
                                                                      There will be the cause of that.

                                                                      I can expect missing pre processor.

                                                                      Status -> Servies -> Hit start on Snort, Status -> System log -> Jun 14 00:23:18 SnortStartup[18693]: Snort HARD START For 37895_em0… -is the only line generated.

                                                                      If I try to run Snort from Services -> Snort -> Snort interfaces, I get two lines:

                                                                      Jun 14 00:32:11 SnortStartup[35943]: Interface Rule START for 0_37895_em0…
                                                                      Jun 14 00:32:11 SnortStartup[30175]: Toggle for 37895_em0…

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • M
                                                                        mschiek01 last edited by

                                                                        services/snort
                                                                        click to edit the interface in question
                                                                        Select the Catagories tab
                                                                        Select the rules you want to use.

                                                                        Do not select any of the .so "shared objects rules" they will cause snort to crash.

                                                                        From your description it sounds like you don't have any rules selected.

                                                                        1 Reply Last reply Reply Quote 0
                                                                        • F
                                                                          fragged last edited by

                                                                          I have tried with and without rules enabled. Currently I have only EM rules installed and 2 of them selected. Still I don't get anything useful on the system log.

                                                                          1 Reply Last reply Reply Quote 0
                                                                          • M
                                                                            mschiek01 last edited by

                                                                            On the Interface tab
                                                                            general you have enabled the interface correct?

                                                                            on the same tab under
                                                                            Choose the types of logs snort should create.
                                                                            you selected "Send alerts to main System logs"

                                                                            On the preprocessors tab you have enabled "performance statics for this interface"

                                                                            If all else fails you could try running this command from the console comand line although I do not think this is the problem

                                                                            pkg_add -f http://files.pfsense.org/packages/8/All/snort-2.9.2.3.tbz

                                                                            Then update your rules and try to start snort.

                                                                            1 Reply Last reply Reply Quote 0
                                                                            • J
                                                                              johnnybe last edited by

                                                                              @ermal:

                                                                              Its fixes so just reinstall.

                                                                              It's running here 2.0.1-RELEASE (amd64) and kept all previous settings. All that I did, after reinstall, was to update ET rules.

                                                                              you would not believe the view up here

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • P
                                                                                pfnewbe last edited by

                                                                                @caustic386:

                                                                                To get this to work, I had to uninstall, then run the following:

                                                                                pkg_delete -f snort*
                                                                                find / -name snort

                                                                                and rm -rf anything that turned up.  Reinstalling with new package fixed it from there, running snort rules and ET.

                                                                                This worked for me!
                                                                                Tnx

                                                                                1 Reply Last reply Reply Quote 0
                                                                                • M
                                                                                  miles267 last edited by

                                                                                  Has anyone else noticed on their Snort > Blocked (tab) that the ALERT DESCRIPTION next to each IP now says "N/A" instead of displaying a full description as it has in the past?

                                                                                  I've confirmed under Snort > Global Settings, my Alert file description type = FULL.

                                                                                  Is there any way to restore this functionality so that full alert description is listed?

                                                                                  1 Reply Last reply Reply Quote 0
                                                                                  • M
                                                                                    mschiek01 last edited by

                                                                                    I think it is now being shown under the Alerts/Interface tab.

                                                                                    Have you noticed if the blocked ip's are being removed in the time you have specified?

                                                                                    1 Reply Last reply Reply Quote 0
                                                                                    • First post
                                                                                      Last post