Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Updating to snort 3.9.7/3.2.2 breaks snort

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lshiry
      last edited by

      Hi,

      Wondering if anyone has seen this.  I am running pfsense v2.1.5, and updated to the latest snort package.  After the update, snort no longer shows up in the services menu.  I have uninstalled and reinstalled snort several times.  Has anyone else run into this?

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by

        Hi Ishiry,

        When you installing the Snort package.. It can take some time to complete its installation depending on the hardware/Internet speed… Please ensure that you don't move away from the installation page until you see that it has fully completed the installation.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks
          last edited by

          @BBcan177:

          Hi Ishiry,

          When you installing the Snort package.. It can take some time to complete its installation depending on the hardware/Internet speed… Please ensure that you don't move away from the installation page until you see that it has fully completed the installation.

          +1 on this.  Folks are navigating away from the Package Installation dialog too quickly.  Snort migrates the old configuration, then downloads new rules, then unpacks and installs those rules, then it builds the enforcing rules file, then it builds the snort.conf file, and finally it starts all the Snort interfaces.  This can take 30 seconds to more than 10 minutes depending on number of enabled rules and the CPU horsepower of the box.

          Only after Snort finishes all of the tasks outline above does it return control to the Package Manager code so it can complete the installation and register the package as "done".

          Leave it on the page until is says something like "…package installation successfully completed...".  I don't remember the exact wording, but that's close.  If you leave the page prematurely, the PHP process that was doing the installation is killed and the install never completes.

          Bill

          1 Reply Last reply Reply Quote 0
          • L
            lshiry
            last edited by

            Thanks for the replies.  It seems like one time I let it sit for more than 30 minutes, but I will try again and let it sit a good long time.

            1 Reply Last reply Reply Quote 0
            • L
              lshiry
              last edited by

              Ok, I tried a few more times.  A couple times I let it sit for 1 to 2 hours, and still would not work.  The last time I let it sit overnight.  The browser times out waiting for a final response from the install php page and the whole thing dies, preventing the install script from completing.  I found a workaround for this by killing the process "/bin/sh /usr/local/etc/rc.d/snort.sh start", which returns to the install script so it can complete the rest of its tasks.  After that, snort was in the services menu.  It was not started, but at least I can manage it now.  Thanks for the help, got me looking in the right direction.  Perhaps a fix for this would be to implement some sort of keepalive in the install php page, or background the service start step so it can complete.

              1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks
                last edited by

                @lshiry:

                … I found a workaround for this by killing the process "/bin/sh /usr/local/etc/rc.d/snort.sh start", which returns to the install script so it can complete the rest of its tasks.  After that, snort was in the services menu.  It was not started, but at least I can manage it now.  Thanks for the help, got me looking in the right direction.  Perhaps a fix for this would be to implement some sort of keepalive in the install php page, or background the service start step so it can complete.

                Thanks for the information on how you solved it.  Something got hung up in that sub-process on your box.  You are not the only one to experience the issue, but the number who have is quite low (maybe 3 or 4 that I can recall).  The install process calls a system function to execute that shell script.  I will look into it some more.

                Thanks,
                Bill

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.