Installing suricata never installs web menu
Today I decided to give suricata a go on my pfsense unit running 2.1.5-RELEASE (amd64) on an AMD G-T40E Processor and I ran into an issue while installing the package.
It seems that the package install screen stays stuck at "Executing custom_php_install_command()…" for a while (longer than 10 minutes).
I opened up a new tab and headed over to the packages selection and the tab that says Installed Packages, and it shows up as installed.
Then I searched under the web menu for "Services > Suricata" and didn't notice any entries there.
After a short while I decided to re-install the package to see if it would install the menu item, but it didn't do that the second time around.
I'm not quite sure what to try next. I did search around for this issue on the forums, but could only find a topic related to HTTP refer issues.
Thanks in advance if anyone has any other ideas I can try.
Run this command for me from a console prompt – (that is a lowercase L after the dash in the command)
php -l /usr/local/pkg/suricata/suricata_post_install.php
Send back any output that indicates any error occurred.
Also, is this on a full install of pfSense on a conventional hard disk (or SSD), or is this a Nano install? If Nano, how much free space is on /tmp and /var?
I have a Netgate APU4 unit with an intel 525 mSATA 30GB SSD. I believe a month ago I installed using the pfsense memstick serial amd64 with the "embedded kernel" option.
[2.1.5-RELEASE][firstname.lastname@example.org]/usr/local/pkg/suricata(15): uname -a
FreeBSD firewall.local 8.3-RELEASE-p16 FreeBSD 8.3-RELEASE-p16 #0: Mon Aug 25 08:28:51 EDT 2014 root@pf2_1_1_amd64.pfsense.org:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_wrap.8.amd64 amd64

[2.1.5-RELEASE][email@example.com]/usr/local/pkg/suricata(10): ls -alth
total 286
drwxr-xr-x 2 root wheel 512B Dec 23 11:02 .
-rwxr-xr-x 1 root wheel 9.4k Dec 23 11:02 suricata_etiqrisk_update.php
-rwxr-xr-x 1 root wheel 5.7k Dec 23 11:02 suricata_geoipupdate.php
-rwxr-xr-x 1 root wheel 4.9k Dec 23 11:02 suricata_defs.inc
-rwxr-xr-x 1 root wheel 12k Dec 23 11:02 suricata_post_install.php
-rwxr-xr-x 1 root wheel 5.9k Dec 23 11:02 suricata_uninstall.php
-rwxr-xr-x 1 root wheel 24k Dec 23 11:02 suricata_generate_yaml.php
-rwxr-xr-x 1 root wheel 14k Dec 23 11:02 suricata_migrate_config.php
-rwxr-xr-x 1 root wheel 8.7k Dec 23 11:02 suricata_yaml_template.inc
-rwxr-xr-x 1 root wheel 11k Dec 23 11:02 suricata_check_cron_misc.inc
-rwxr-xr-x 1 root wheel 33k Dec 23 11:02 suricata_check_for_rule_updates.php
-rwxr-xr-x 1 root wheel 7.8k Dec 23 11:02 suricata_sync.xml
drwxr-xr-x 5 root wheel 512B Dec 23 11:02 ..
-rwxr-xr-x 1 root wheel 133k Dec 23 11:02 suricata.inc

[2.1.5-RELEASE][firstname.lastname@example.org]/usr/local/pkg/suricata(11): php -l suricata_post_install.php
No syntax errors detected in suricata_post_install.php

[2.1.5-RELEASE][email@example.com]/usr/local/pkg/suricata(12): du -hs /tmp
17M /tmp
[2.1.5-RELEASE][firstname.lastname@example.org]/usr/local/pkg/suricata(13): du -hs /var/
17M /var/
[2.1.5-RELEASE][email@example.com]/usr/local/pkg/suricata(14): df
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ad4s1a 20261374 392296 18248170 2% /
devfs 1 1 0 100% /dev
/dev/md0 3694 42 3358 1% /var/run
devfs 1 1 0 100% /var/dhcpd/dev
The next step of the install that should have been executing (according to the log message progress) is the check for an existing Suricata configuration. If one is found, it is migrated into the new install (or reinstall). Since you said you were giving Suricata a try, I am assuming a version was never previously installed on the box.
Let me test a totally clean install on my 2.2 test VM to be sure there are no issues. I will post back with results soon.
Ah, that makes sense. Yes, this same behavior occurred on a very first try of the installation, and then again on the re-install. Thank you much for a fast reply!
I just completed a test using a completely "clean" install of the package. I tested on a December 23rd snapshot of 2.2-RC with the latest posted Suricata package. It installed and ran just fine.
I also tested an upgrade on a 2.1.5 VM.
Go to Diagnostics…Tables and find and clear out the table of any IP addresses (if any are present), then delete the package and install it again from System…Packages.
You mention having Netgate hardware. The firmware update and package files for Netgate appliances come from a different server due to slight tweaks present in the Netgate version of pfSense (for increased performance on their specific hardware). There have been a couple of instances in the past where the file sync process between the public pfSense package repository and the Netgate repository did not work correctly. If you have a Netgate support contract, try contacting them about your problem.
Update: Upgraded to 2.2, and Suricata installs just fine. Thanks again.
Thanks for your insights. I went to Diagnostics > Tables, and there were no entries in the snort2c tables. So... nothing to clean out.
I bought the kit from netgate, but didn't choose for them to do my install. Been using pfsense since 2010 (just before 1.2.3 releases), so I thought that doing the installation myself wasn't too bad. Successful clean install for sure.
What I'll try next is doing an uninstall (completely) (not a reinstall). Then checking those tables (snort2c), and clearing them if possible. I might go as far as a re-install with the memstick method, but choosing a regular installation (not embedded kernel), and give the package a go again.
Thank you again for looking into this.