Snort 2.9.2.3 pkg v. 2.5.4 Non start issue solved for myself atleast..
-
Running pfsense 202 with Snort 2.9.2.3 pkg v. 2.5.4 in a vmware 5.1 environment.
Im using the OVA deployment amd64 road.However after updating snort to 2.5.4 this nite i was partly unable to start snort anymore after initial start.
Meaning I lost the ability to start & restart the service.
Here is how I fixed it permanently.
Console showed I was missing "libmysqlclient.so.18" when starting snort. Log showed nothing I could use in my own troubleshooting….nada.
I tried to reinstall Nmap. because I apparently lost the file somewhere along another package using this version or version 15 maybe....
Another reason could actually be that this "dependency" file was lost while early error scouting...using find /* | grep -i snort | xargs rm -rv may have wiped this file that really should not have been wiped.anyways above didnt work.
I cleared package lock and reinstalled all packages again. I along that path got the libmysqlclient.so. version 18 file down. ... ( my step would have been to get this file from other sources if I hadnt succeded in the first place.Now snort start in console and I am also able to use and misuse snort now from GUI and interface definition.
How I lost this file is not really sure to me...i do however praise my virtualisation for easy rollbacks and testing beds as well as faultfinding.
Now onwards to chain an virtualized untangle in from of my pf vm.
Best regards
-
hi again
apparently I spoke to early and need some help now
I keep loosing this file after a reboot of the pfsense
here is some logging from the terminal:
[2.0.2-RELEASE][root@pfsense.somelan]/root(1): find /* | grep -i libmysql /root/libmysqlclient.so.1.core /root/libmysqlclient_r.so.core /usr/local/lib/mysql/libmysqlclient.a /usr/local/lib/mysql/libmysqlclient.la /usr/local/lib/mysql/libmysqlclient.so /usr/local/lib/mysql/libmysqlclient.so.16 /usr/local/lib/mysql/libmysqlclient_r.a /usr/local/lib/mysql/libmysqlclient_r.la /usr/local/lib/mysql/libmysqlclient_r.so /usr/local/lib/mysql/libmysqlclient_r.so.16 /usr/local/lib/mysql/libmysqlclient.so.18 /usr/local/lib/mysql/libmysqlclient_r.so.18 /usr/local/lib/mysql/libmysqlservices.a ^C [2.0.2-RELEASE][root@pfsense.some.lan]/root(2): snort /libexec/ld-elf.so.1: Shared object "libmysqlclient.so.18" not found, required by "snort"the file is actually found and located on disk..however snort knows not….
Anyone know where it should reside for snort to see it. ?
Howcome this error or do I have a fubar pf ?and this is all i find form the systemlog after a reboot
php: /status_services.php: The command '/usr/local/etc/rc.d/snort.sh stop' returned exit code '1', the output was ''best regard
Stephan
-
Possibly same error as in this thread:
http://forum.pfsense.org/index.php/topic,51493.msg311409.html#msg311409
-
agree on that onhel and thanks for your reply.
facts
I can consistently count on a superduper working and smooth snort until next reboot from a new reinstalled snort + interface defining again.
I can consistently get snort up and running doing the package lock clear and reinstall packages method.
and I will get this paticular error after a reboot of the pfbox:/libexec/ld-elf.so.1: Shared object "libmysqlclient.so.18" not found, required by "snort" when trying to manually start snort. ofc cant start in in gui either when i see this.
does anyone have a workaround or a theory about why snort dont find / use this file…..its there allready i see when im finding for it?
snort was doing fine consistenly until i upgraded yesterday =)
Going to build a new vm later tonite for this. Will put only snort on it....and see what will happen.
Best Regards
