Updated Snort and now cannot get into pfsense gui
-
This is a minor issue.
Using Snort 2.9.2.3 pkg v. 2.2.4 (and previous versions) Services: Snort: Snort Alerts does not really allow to clear the entries. Selecting another instance in the list control after clearing brings back the already deleted entries. It also seems that with multiple interfaces you cannot select other interfaces. In my case with 2 instances being installed (for WAN and LAN) the list control flips back to the 1st instance (here WAN) all the time.
I'll try to find the problem in the source code and with some luck I'll be able to report the details.
-
I believe this has been an issue since the alert file was split for different interfaces. It seems to only clear out the alerts when you only have one interface.
-
It also seems that the interface separation is flawed, e.g. after triggering some alerts on 2 interfaces I can generate a list for interface 1 that also shows entries from interface 2.
I think I have now grasped the bogus behavior sufficiently well, so I can start looking at the source code.
-
Well, there is virtually no support for splitting the interface related alerts. In snort_alerts.php, lines 49ff there is
... $a_instance = &$config['installedpackages']['snortglobal']['rule']; $snort_uuid = $a_instance[0]['uuid']; $if_real = snort_get_real_interface($a_instance[0]['interface']); ...and subsequently only $snort_uuid and $if_real is used to do s.th. with the data. One way to proceed is to write a loop over all items in $a_instance and dispatch the currently selected instance, or simply go back to the simple list (which I would prefer).
-
Just reinstall should behave better.
-
Just updated this package on one of the firewalls to see if the logging issues were fix and it seems to have blown out the the web interface, every page just returns a 404 error.
2.0.1 AMD64
-
i've noticed 2 major issues with the latest changes.
1 When Snort was re-nstalled, its removing pfsense main index.php, also removed it for cron, shellcmd, took out pfBlocker Widget. gitsync fixes it and reinstalled packages where I got a 404 error2: the interface folder is not created, instead it creates a file of the interface name. I manually created the folder to see if it would snort, but its a no-go
snort[58336]: FATAL ERROR: [!] Unable to configure frag3 engine! Frag3 global config has not been established, please issue a "preprocessor frag3_global" directive -
Just saw the latest update to snort and updated and then re-booted the system. now I cannot get to the PFsense GUI I get "error 404 not found". Any ideas on how to fix. The screen directly plug in to pfsense shows me the console but I don't know how to get to the file system to see what the issue is.
Help
cjb
-
See this thread at the end. Gitsync seems to fix missing index.php:
http://forum.pfsense.org/index.php/topic,51253.msg274029.html
Greets, Judex
-
Hrm this was solved by jim, seems unintended behavior with packages.
With 2.3.0 version all should be back to normal. -
Installed, and removed Snort 2.9.2.3 pkg v. 2.2.5, because of preprocessor frag3_global issue.
Now webconfigurator / index.php's gone… 404.. Whats easiest way to get it back? Have only backup of config... Installed gitsync... but this means a copy installation to sync from?!?
-
@ermal:
Hrm this was solved by jim, seems unintended behavior with packages.
With 2.3.0 version all should be back to normal.I think this issue is still there. I had gitsync shortly after the fix jim put it. re-installed snort, same thing… Or will everything to be after install 2.3.0?
-
@judex: you link to this thread. What do you mean can help getting back index.php??? thx
-
Well, I have to admit I did not try it myself. Just read Cino's post and thought he was syncing the pfSense repository as described here:
http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots#Git_URL_Moved
The php pages should be included and you just had to copy them.My solution was to do a reinstall and restore which took me not more than 15 minutes.
Greetings, Judex
-
Duh! gitsync didnt work, i got a "Fatal error: Call to undefined function pfSense_interface_listget() in /etc/inc/interfaces.inc on line 65"…
So i decided to update manually with a 2.0.1 release full-update via console. Seems to work, packages are being installed now and i see the gui again. -
Snort also broke my pfSense GUI today. :(
Had to reinstall from scratch and then restore from a config that I had. Even the 'factory restore' option didn't help.
-th3r3isnospoon