Snort 2.9.4.6 pkg v. 2.5.9 reinstall on pfsense 2.1 - snort.sh mangeled

Slab

Hi,

Just upgraded to pfsense 2.1, and upon restart of pfsense Snort didn't start automatically. The system log indicates the following:

php: rc.start_packages: The command '/usr/local/etc/rc.d/snort.sh stop' returned exit code '127', the output was '/usr/local/etc/rc.d/snort.sh: not found'

So I completely uninstalled Snort, and then reinstalled. I got the same error.

From the shell, I've confirmed that the shell script is indeed there, but also receive the same error when attempting to manually execute the script from the shell. Upon examining the script with vi, I found that it was loaded with carriage returns (as if edited by a windows/dos editor) and thus it wasn't recognized by the shell! I stripped the carriage returns out, and was able to successfully run the script from the command line.

However, when I restart pfsense, snort.sh gets replaced with the same mangled iteration and thus Snort doesn't start again. I can't quite determine how/why it is getting replaced.

Oddly enough, I can start Snort from the gui. Any help would be most appreciated …thanks much.

simby

I have the same problem!

Runing x64 with 8Gb rama

with this service: Snort & pfBlocker + Proxy Squid 3.1 & squidGuard

Please help

languy

I have this problem as well. BandwidthD is doing the same thing. Stripping the carriage returns out of the file fixes the problem temporarily, but if any changes are made, the files are corrupted again.

jan.bee

Hello

I have the same issue with snort.
This bug seams to be related https://redmine.pfsense.org/issues/3221

I wonder if it has anything to do with upgrading from 2.0 to 2.1?

maex

Pfsense has serious problems with updating packages in parallel.

The only way to get it solved seems to be:
install package by package

1. uninstall one package. wait until check_reload process is down to 0% cpu (to wait is VERY IMPORTANT!).
2. reinstall package. wait again until reload is down to 0% cpu.
3. then restore your config.

If this does not work reboot after 1.

Restoring the config into a newly installed system also installs all the packages (this also happens on upgrade!). If you have faster multi-core cpus the setup somehow misses things. And snort can't see squid, squid can't see havp, clamd does not have a user, … all things that happened to me.... the processes seem to lock/block different parts of the system and all kinds of things go really wrong.

Take you time. install one package at a time.

jan.bee

Thanks for the tip Maex, waiting on that process to finish did it!

simby

Thanks, now it s working.

How can i fix snort time problem? Pfsense time is ok!

bmeeks

@simby:

Thanks, now it s working.

How can i fix snort time problem? Pfsense time is ok!

Can you be a bit more descriptive with your problem?  Snort gets time from pfSense, so they should match up.  What exactly do you mean by "fix snort time problem"?

Bill