Installing suricata never installs web menu



  • Today I decided to give suricata a go on my pfsense unit running 2.1.5-RELEASE (amd64) on an AMD G-T40E Processor and I ran into an issue while installing the package.

    It seems that the package install screen stays stuck at "Executing custom_php_install_comand()…" for a while (longer than 10 minutes).

    I opened up a new tab and headed over to the packages selection and the tab that says Installed Packages, and it shows up as installed.

    Then I searched under the web menu for "Services > Suricata" and didn't notice any entries there.

    After a short while I decided to re-install the package to see if it would install the menu item, but it didn't do that the second time around.

    I'm not quite sure what to try next. I did search around for this issue on the forums, but could only find a topic related to HTTP refer issues.

    Thanks in advance if anyone has any other ideas I can try.







  • Run this command for me from a console prompt – (that is a lowercase L after the dash in the command)

    php -l /usr/local/pkg/suricata/suricata_post_install.php
    

    Send back any output that indicates any error occurred.

    Also, is this on a full install of pfSense on a conventional hard disk (or SSD), or is this a Nano install?  If Nano, how much free space is on /tmp and /var?

    Bill



  • I have a Netgate APU4 unit with an intel 525 mSATA 30GB SSD. I believe a month ago I installed using the pfsense memstick serial amd64 with the "embedded kernel" option.

    [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(15): uname -a
    FreeBSD firewall.local 8.3-RELEASE-p16 FreeBSD 8.3-RELEASE-p16 #0: Mon Aug 25 08:28:51 EDT 2014     root@pf2_1_1_amd64.pfsense.org:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_wrap.8.amd64  amd64
    
    
    [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(10): ls -alth
    total 286
    drwxr-xr-x  2 root  wheel   512B Dec 23 11:02 .
    -rwxr-xr-x  1 root  wheel   9.4k Dec 23 11:02 suricata_etiqrisk_update.php
    -rwxr-xr-x  1 root  wheel   5.7k Dec 23 11:02 suricata_geoipupdate.php
    -rwxr-xr-x  1 root  wheel   4.9k Dec 23 11:02 suricata_defs.inc
    -rwxr-xr-x  1 root  wheel    12k Dec 23 11:02 suricata_post_install.php
    -rwxr-xr-x  1 root  wheel   5.9k Dec 23 11:02 suricata_uninstall.php
    -rwxr-xr-x  1 root  wheel    24k Dec 23 11:02 suricata_generate_yaml.php
    -rwxr-xr-x  1 root  wheel    14k Dec 23 11:02 suricata_migrate_config.php
    -rwxr-xr-x  1 root  wheel   8.7k Dec 23 11:02 suricata_yaml_template.inc
    -rwxr-xr-x  1 root  wheel    11k Dec 23 11:02 suricata_check_cron_misc.inc
    -rwxr-xr-x  1 root  wheel    33k Dec 23 11:02 suricata_check_for_rule_updates.php
    -rwxr-xr-x  1 root  wheel   7.8k Dec 23 11:02 suricata_sync.xml
    drwxr-xr-x  5 root  wheel   512B Dec 23 11:02 ..
    -rwxr-xr-x  1 root  wheel   133k Dec 23 11:02 suricata.inc
    
    
    [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(11): php -l suricata_post_install.php
    No syntax errors detected in suricata_post_install.php
    
    
    [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(12): du -hs /tmp
     17M    /tmp
    [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(13): du -hs /var/
     17M    /var/
    [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(14): df
    Filesystem  1K-blocks   Used    Avail Capacity  Mounted on
    /dev/ad4s1a  20261374 392296 18248170     2%    /
    devfs               1      1        0   100%    /dev
    /dev/md0         3694     42     3358     1%    /var/run
    devfs               1      1        0   100%    /var/dhcpd/dev
    
    


  • The next step of the install that should have been executing (according to the log message progress) is the check for an existing Suricata configuration.  If one is found, it is migrated into the new install (or reinstall).  Since you said you were giving Suricata a try, I am assuming a version was never previously installed on the box.

    Let me test a totally clean install on my 2.2 test VM to be sure there are no issues.  I will post back with results soon.

    Bill



  • Ah, that makes sense. Yes this same behavior occurred on a very first try of the installation, and then again on the re-install. Thank you much for a fast reply!



  • I just completed a test using a completely "clean" install of the package.  I tested on a December 23rd snapshot of 2.2-RC with the latest posted Suricata package.  It installed and ran just fine.

    I also tested an upgrade on a 2.1.5 VM.

    Go to Diagnostics…Tables and find and clear out the table of any IP addresses (if any are present), then delete the package and install it again from System…Packages.

    You mention having Netgate hardware.  The firmware update and package files for Netgate appliances come from a different server due to slight tweaks present in the Netgate version of pfSense (for increased performance on their specific hardware).  There have been a couple of instances in the past where the file sync process between the public pfSense package repository and the Netgate repository did not work correctly.  If you have a Netgate support contract, try contacting them about your problem.

    Bill



  • Update: Upgraded to 2.2, and Suricata installs just fine. Thanks again.
    -------------

    Thanks for your insights. I went to Diagnostics > Tables, and there were no entries in the snort2c tables. So... nothing to clean out.

    I bought the kit from netgate, but didn't choose for them to do my install. Been using pfsense since 2010 (just before 1.2.3 releases), so I thought that doing the installation myself wasn't too bad. Successful clean install for sure.

    What I'll try next is doing an uninstall (completely) (not a reinstall). Then checking those tables (snort2c), and clearing them if possible. I might go as far as a re-install with the memstick method, but choosing a regular installation (not embedded kernel), and give the package a go again.

    Thank you again for looking into this.

