Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort 2.9.7.0 upgrade & install fails on pfSense 2.2

    Scheduled Pinned Locked Moved pfSense Packages
    8 Posts 5 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      snak-pak
      last edited by

      I just upgraded to pfSense 2.2 and thought I should upgrade my packages too, including Snort. The upgrade failed, so I rebooted and tried a new install of the package which fails too with the following error. I'm running on a Netgate FW-7541 rack mount appliance with an SSD and lots of free disk space. The earlier version of Snort was running fine on pfSense 2.2.

      I don't know what the "Out of file descriptors" error means.

      Beginning package installation for snort .
      Downloading package configuration file... done.
      Saving updated package information... done.
      Downloading snort and its dependencies... 
      Checking for package installation... 
       Downloading https://files.pfsense.org/packages/8/All/snort-2.9.7.0-i386.pbi ...  (extracting)
       Out of file descriptors
      of snort-2.9.7.0-i386 failed!
      
      Installation aborted.Removing package...
      Starting package deletion for snort-2.9.7.0-i386...done.
      Removing snort components...
      Menu items... done.
      Services... done.
      Loading package instructions...
      Include file snort.inc could not be found for inclusion.
      Deinstall commands... 
      Not executing custom deinstall hook because an include is missing.
      Removing package instructions...done.
      Auxiliary files... done.
      Package XML... done.
      Configuration... done.
      done.
      Failed to install package.
      
      Installation halted.
      
      1 Reply Last reply Reply Quote 0
      • S
        snak-pak
        last edited by

        I just tried upgrading my other packages like nmap too and got the same error, "Out of file descriptors".  That tells me the problem is very likely not the package itself (snort or nap), but something else.

        Any thoughts on what the issue is?

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          Did you tried this?

          https://forum.pfsense.org/index.php?topic=87305.0

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • BBcan177B
            BBcan177 Moderator
            last edited by

            @snak-pak:

            I don't know what the "Out of file descriptors" error means.

            
             Downloading https://files.pfsense.org/packages/8/All/snort-2.9.7.0-i386.pbi ...  (extracting)
            
             Out of file descriptors
            
             snort-2.9.7.0-i386 failed!
            
            

            I would suggest a reboot and see if it clears that issue up…

            There was a similar bug :
            https://redmine.pfsense.org/issues/3749

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            1 Reply Last reply Reply Quote 0
            • S
              snak-pak
              last edited by

              @BBcan177:

              I would suggest a reboot and see if it clears that issue up…

              There was a similar bug :
              https://redmine.pfsense.org/issues/3749

              Thanks for the link, I got it working now and think the issues are related to the above bug.

              After upgrading to pfSense 2.2, waiting for the automatic reboot, and then rebooting a couple more times just to be safe I noticed that the dashboard indicated uptime was still 137 days. Weird. The system must not have rebooted properly after the OS upgrade, and additionally the reboot command from the pfSense menu must not be working correctly either. My system is rack mount so I rarely visit the box…. I halted the system, pulled the power and then restarted. Now all is well again and I can install packages including snort and nap.

              Kelly

              1 Reply Last reply Reply Quote 0
              • W
                wiz561
                last edited by

                Did you use a watchdog for snort?  I uninstalled that too and rebooted.  I'm not sure if the reboot fixed it, or if the uninstall of the watchdog service and reboot fixed it.

                1 Reply Last reply Reply Quote 0
                • BBcan177B
                  BBcan177 Moderator
                  last edited by

                  @wiz561:

                  Did you use a watchdog for snort?  I uninstalled that too and rebooted.  I'm not sure if the reboot fixed it, or if the uninstall of the watchdog service and reboot fixed it.

                  I don't think the watchguard service is compatible with snort/suricata. If you have multiple interfaces it will restart them all. I also think it might try to restart the interfaces during "updates" of rules potentially causing duplicate pids.

                  "Experience is something you don't get until just after you need it."

                  Website: http://pfBlockerNG.com
                  Twitter: @BBcan177  #pfBlockerNG
                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                  1 Reply Last reply Reply Quote 0
                  • bmeeksB
                    bmeeks
                    last edited by

                    @BBcan177:

                    @wiz561:

                    Did you use a watchdog for snort?  I uninstalled that too and rebooted.  I'm not sure if the reboot fixed it, or if the uninstall of the watchdog service and reboot fixed it.

                    I don't think the watchguard service is compatible with snort/suricata. If you have multiple interfaces it will restart them all. I also think it might try to restart the interfaces during "updates" of rules potentially causing duplicate pids.

                    BBcan177 is correct.  Snort and Suricata do not play well with the Service Watchdog package at this time.  I have been considering some other options within the two packages themselves to provide the same heartbeat checkup as the Service Watchdog package.

                    Bill

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.