Updating to snort 3.9.7/3.2.2 breaks snort



  • Hi,

    Wondering if anyone has seen this.  I am running pfsense v2.1.5, and updated to the latest snort package.  After the update, snort no longer shows up in the services menu.  I have uninstalled and reinstalled snort several times.  Has anyone else run into this?


  • Moderator

    Hi Ishiry,

    When you are installing the Snort package, it can take some time to complete its installation depending on the hardware/Internet speed. Please ensure that you don't move away from the installation page until you see that it has fully completed the installation.



  • @BBcan177:

    Hi Ishiry,

    When you are installing the Snort package, it can take some time to complete its installation depending on the hardware/Internet speed. Please ensure that you don't move away from the installation page until you see that it has fully completed the installation.

    +1 on this.  Folks are navigating away from the Package Installation dialog too quickly.  Snort migrates the old configuration, then downloads new rules, then unpacks and installs those rules, then it builds the enforcing rules file, then it builds the snort.conf file, and finally it starts all the Snort interfaces.  This can take 30 seconds to more than 10 minutes depending on the number of enabled rules and the CPU horsepower of the box.

    Only after Snort finishes all of the tasks outlined above does it return control to the Package Manager code so it can complete the installation and register the package as "done".

    Leave it on the page until it says something like "…package installation successfully completed...".  I don't remember the exact wording, but that's close.  If you leave the page prematurely, the PHP process that was doing the installation is killed and the install never completes.

    Bill



  • Thanks for the replies.  It seems like one time I let it sit for more than 30 minutes, but I will try again and let it sit a good long time.



  • Ok, I tried a few more times.  A couple times I let it sit for 1 to 2 hours, and still would not work.  The last time I let it sit overnight.  The browser times out waiting for a final response from the install php page and the whole thing dies, preventing the install script from completing.  I found a workaround for this by killing the process "/bin/sh /usr/local/etc/rc.d/snort.sh start", which returns to the install script so it can complete the rest of its tasks.  After that, snort was in the services menu.  It was not started, but at least I can manage it now.  Thanks for the help, got me looking in the right direction.  Perhaps a fix for this would be to implement some sort of keepalive in the install php page, or background the service start step so it can complete.



  • @lshiry:

    … I found a workaround for this by killing the process "/bin/sh /usr/local/etc/rc.d/snort.sh start", which returns to the install script so it can complete the rest of its tasks.  After that, snort was in the services menu.  It was not started, but at least I can manage it now.  Thanks for the help, got me looking in the right direction.  Perhaps a fix for this would be to implement some sort of keepalive in the install php page, or background the service start step so it can complete.

    Thanks for the information on how you solved it.  Something got hung up in that sub-process on your box.  You are not the only one to experience the issue, but the number who have is quite low (maybe 3 or 4 that I can recall).  The install process calls a system function to execute that shell script.  I will look into it some more.

    Thanks,
    Bill

