Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Installing suricata never installs web menu

    Scheduled Pinned Locked Moved pfSense Packages
    7 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      raajivrekha
      last edited by

      Today I decided to give suricata a go on my pfsense unit running 2.1.5-RELEASE (amd64) on a AMD G-T40E Processor and I ran into an issue while installing the package.

      It seems that the package install screen stays stuck at "Executing custom_php_install_comand()…" for a while (longer than 10 minutes)

      I opened up a new tab and headed over to the packages selection and the tab that says Installed Packages, and it shows up as installed.

      Then I searched under the web menu for "Services > Suricata" and didn't notice any entries there.

      After a short while I decided to re-install the package to see if it would install the menu item, but it didn't do that the second time around.

      I'm not quite sure what to try next. I did search around for this issue on the forums, but could only find a topic related to HTTP refer issues.

      Thanks in advance if anyone has any other ideas I can try.
      01.JPG
      01.JPG_thumb
      02.JPG
      02.JPG_thumb
      03.JPG
      03.JPG_thumb

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        Run this command for me from a console prompt – (that is a lowercase L after the dash in the command)

        php -l /usr/local/pkg/suricata/suricata_post_install.php
        

        Send back any output that indicates any error occurred.

        Also, is this on a full install of pfSense on a conventional hard disk (or SSD), or is this a Nano install?  If Nano, how much free space is on /tmp and /var?

        Bill

        1 Reply Last reply Reply Quote 0
        • R
          raajivrekha
          last edited by

          I have a Netgate APU4 unit with an intel 525 mSATA 30GB SSD. I believe a month ago I installed using the pfsense memstick serial amd64 with the "embedded kernel" option.

          [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(15): uname -a
          FreeBSD firewall.local 8.3-RELEASE-p16 FreeBSD 8.3-RELEASE-p16 #0: Mon Aug 25 08:28:51 EDT 2014     root@pf2_1_1_amd64.pfsense.org:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_wrap.8.amd64  amd64
          
          
          [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(10): ls -alth
          total 286
          drwxr-xr-x  2 root  wheel   512B Dec 23 11:02 .
          -rwxr-xr-x  1 root  wheel   9.4k Dec 23 11:02 suricata_etiqrisk_update.php
          -rwxr-xr-x  1 root  wheel   5.7k Dec 23 11:02 suricata_geoipupdate.php
          -rwxr-xr-x  1 root  wheel   4.9k Dec 23 11:02 suricata_defs.inc
          -rwxr-xr-x  1 root  wheel    12k Dec 23 11:02 suricata_post_install.php
          -rwxr-xr-x  1 root  wheel   5.9k Dec 23 11:02 suricata_uninstall.php
          -rwxr-xr-x  1 root  wheel    24k Dec 23 11:02 suricata_generate_yaml.php
          -rwxr-xr-x  1 root  wheel    14k Dec 23 11:02 suricata_migrate_config.php
          -rwxr-xr-x  1 root  wheel   8.7k Dec 23 11:02 suricata_yaml_template.inc
          -rwxr-xr-x  1 root  wheel    11k Dec 23 11:02 suricata_check_cron_misc.inc
          -rwxr-xr-x  1 root  wheel    33k Dec 23 11:02 suricata_check_for_rule_updates.php
          -rwxr-xr-x  1 root  wheel   7.8k Dec 23 11:02 suricata_sync.xml
          drwxr-xr-x  5 root  wheel   512B Dec 23 11:02 ..
          -rwxr-xr-x  1 root  wheel   133k Dec 23 11:02 suricata.inc
          
          
          [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(11): php -l suricata_post_install.php
          No syntax errors detected in suricata_post_install.php
          
          
          [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(12): du -hs /tmp
           17M    /tmp
          [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(13): du -hs /var/
           17M    /var/
          [2.1.5-RELEASE][root@firewall.local]/usr/local/pkg/suricata(14): df
          Filesystem  1K-blocks   Used    Avail Capacity  Mounted on
          /dev/ad4s1a  20261374 392296 18248170     2%    /
          devfs               1      1        0   100%    /dev
          /dev/md0         3694     42     3358     1%    /var/run
          devfs               1      1        0   100%    /var/dhcpd/dev
          
          
          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by

            The next step of the install that should have been executing (according the log message progress) is the check for an existing Suricata configuration.  If one is found, it is migrated into the new install (or reinstall).  Since you said you were giving Suricata a try, I am assuming a version was never previously installed on the box.

            Let me test a totally clean install on my 2.2 test VM to be sure there are no issues.  I will post back with results soon.

            Bill

            1 Reply Last reply Reply Quote 0
            • R
              raajivrekha
              last edited by

              Ah, that makes sense. Yes this same behavior occurred on a very first try of the installation, and then again on the re-install. Thank you much for a fast reply!

              1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks
                last edited by

                I just completed a test using a completely "clean" install of the package.  I tested on a December 23rd snapshot of 2.2-RC with the latest posted Suricata package.  It installed and ran just fine.

                I also tested an upgrade on a 2.1.5 VM.

                Go to Diagnostics…Tables and find and clear out the table of any IP addresses (if any are present), then delete the package and install it again from System…Packages.

                You mention having Netgate hardware.  The firmware update and package files for Netgate appliances come from a different server due to slight tweaks present in the Netgate version of pfSense (for increased performance on their specific hardware).  There have been a couple of instances in the past where the file sync process between the public pfSense package repository and the Netgate repository did not work correctly.  If you have a Netgate support contract, try contacting them about your problem.

                Bill

                1 Reply Last reply Reply Quote 0
                • R
                  raajivrekha
                  last edited by

                  Update: Upgraded to 2.2, and Suricata installs just fine. Thanks again.
                  –------------

                  Thanks for you insights. I went to Diagnostics > Tables, and there were no entries in the snort2c tables. So ...nothing to clean out.

                  I bought the kit from netgate, but didn't choose for them to do my install. Been using pfsense since 2010 (just before 1.2.3 releases), so I thought that doing the installation myself wasn't too bad. Successful clean install for sure.

                  What i'll try next is doing an uninstall (completely) (not a reinstall). Then checking those tables (snort2c), and clearing them if possible. I might go as far as a re-install with the memstick method, but choosing a regular installation (not embedded kernel), and give the package a go again.

                  Thank you again for looking into this.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.