next »

[chowtamah]

From another thread, I come to know that, snort-2.9.2.3.tbz is available here,

amd64 is at http://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/All/snort-2.9.2.3.tbz
i386 is at http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/snort-2.9.2.3.tbz

But, whether snort build updated to this link?

I am managing the show with old box.

[pfnewbe]

There has got to be a way to install it manually..

I agree.
The only problem is all the correct dependencies with other packages.
I think the easiest way is to change the index back so it's possible to install the 2.9.2 version and put 2.9.2.3 only in when it's really available.

[Cino]

I'm having the same issue,
It seems that if you enter http://files.pfsense.org/packages/8/All/ in your browser, the file that pfsense is trying to get "snort-2.9.2.3.tbz" is not there. Though there is "Snort-2.9.2.tbz" and older versions.
Are the URLS of these packages hard coded into pfsense or something?

There has got to be a way to install it manually..

pfsense packages are hard coded... search the wiki and the forum for the reason why... but if you install package/port, it could install a file and can break pfsense. Snort-2.9.2.tbz GUI was never completed, it used a patches to communicate with pf i believe. I started a new topic request the dev to change the package so it would download the old binary until the new is built and is tested

[rajbps]

Hiya,

Is nayone getting this error;

eginning package installation for snort...
Downloading package configuration file... done.
Saving updated package information... done.
Downloading snort and its dependencies...
Checking for package installation...
 Downloading http://files.pfsense.org/packages/amd64/8/All/barnyard2-1.9_2.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/barnyard2-1.9_2.tbz.
of barnyard2-1.9_2 failed!

Installation aborted.Backing up libraries...
Removing package...
Starting package deletion for mysql-client-5.1.53...done.
Starting package deletion for barnyard2-1.9_2...done.
Starting package deletion for snort-2.9.2.3...done.
Starting package deletion for perl-threaded-5.12.4_4...done.
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
Include file snort.inc could not be found for inclusion.
Deinstall commands...
Not executing custom deinstall hook because an include is missing.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
Cleaning up... Failed to install package.

Installation halted.

Any help is welcome

Cheers,

Raj

[taryezveb]

From a thread I started about the same time as you...

2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:43:51 EST 2011
FreeBSD 8.1-RELEASE-p6

In case the Snort devs do not know this. Or maybe it is just me?

Code:

Installation of snort FAILED!

Beginning package installation for snort...
Downloading package configuration file... done.
Saving updated package information... done.
Downloading snort and its dependencies...
Checking for package installation...
 Downloading http://files.pfsense.org/packages/amd64/8/All/barnyard2-1.9_2.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/barnyard2-1.9_2.tbz.
of barnyard2-1.9_2 failed!

Installation aborted.Backing up libraries...
Removing package...
Starting package deletion for mysql-client-5.1.53...done.
Starting package deletion for barnyard2-1.9_2...done.
Starting package deletion for snort-2.9.2.3...done.
Starting package deletion for perl-threaded-5.12.4_4...done.
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
Include file snort.inc could not be found for inclusion.
Deinstall commands...
Not executing custom deinstall hook because an include is missing.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
Cleaning up... Failed to install package.

Installation halted.

Will try again later and report back.

[taryezveb]

Also as Cino points out..

http://forum.pfsense.org/index.php/topic,50397.msg268281.html#msg268281

noticed that too. barnyard2-1.9_2.tbz isnt built yet.. once its built, you should be good to go

[smokes2345]

you can download the package to your pfsense box from the pfsense repo using wget, then install with pkg_add (in my case it said it was already installed).  The downside to this option is it only installs the command line tools, not the web configuration interface.  To use it you will have to get familiar with the command-line options

Also, as mentioned previously, it's possible you might break something if you install from the standard freebsd repo.  I would guess that risk is minimized if you install from the pfsense repo, but still possible if you install something intended for a different version than what you're using. 

My install was failing while trying to install a dependency, barnyard2. 
Downloading http://files.pfsense.org/packages/8/All/barnyard2-1.9_2.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/barnyard2-1.9_2.tbz.
of barnyard2-1.9_2 failed!

[tritron]

There is http://files.pfsense.org/packages/8/All/barnyard2 file so maybe we can work around the issue fetch http://files.pfsense.org/packages/8/All/barnyard2 mv barnyard2 barnyard2-1.9_2.tbz then pkg_add -r barnyard2-1.9_2.tbz
What if for i386 we use http://mirrors.syringanetworks.net/pub/FreeBSD/ports/i386/packages-stable/security/barnyard2-1.9_2.tbz
or http://mirrors.syringanetworks.net/pub/FreeBSD/ports/amd64/packages-stable/security/barnyard2-1.9_2.tbz for 64 bit

[ermal]

Its fixes so just reinstall.

[fragged]

Snort 2.9.2.3 pkg v. 2.2 installs fine without errors, but after setting it up and updating rule files I get an error when I try to start it:

Snort HARD START For 62994_em0...

I currently only have EM rules selected.

2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:16:13 EST 2011
FreeBSD 8.1-RELEASE-p6

Edit:
I tried to
1. Remove package + find /* |grep snort -> made sure no snort files are left over.
2. Rebooted pfsense
3. Installed Snort + configured it
4. Same error:  Snort HARD START For 37895_em0...

I went through the same setup on a vm and I got it working without messing around with anything. Whats going on?

[ermal]

You are not showing your system log there.
There will be the cause of that.

I can expect missing pre processor.

[sronsen]

Finally, it appears that the updated package files and the snort updates are in synch and are working.  However, the update seems to have broken the snort dashboard widget.  It is not updating, although selecting on its header does open the snort alerts window.  Tried removing and reinstalling the widget package to no effect.

Can someone verify this issue?  Thanks.

[Cino]

Finally, it appears that the updated package files and the snort updates are in synch and are working.  However, the update seems to have broken the snort dashboard widget.  It is not updating, although selecting on its header does open the snort alerts window.  Tried removing and reinstalling the widget package to no effect.

Can someone verify this issue?  Thanks.

it has... with the recently changes made to the alert page, the widget would probably have to be redone from scratch because the alerts are now broken out by interface, each interface has its own alert file now.....

[sekular]

I uninstalled snort when the install stopped working but my configurations saved across uninstalls. I installed it today and it went through fine. It loaded my previous configuration but no rules as expected (usually does this on updates). So i updated rules and disable and renable interface, checked all settings and enabled only one rule category to test. I get this error in syslog:

Jun 13 17:42:12   snort[37197]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.
Jun 13 17:42:12   snort[37197]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.

Should i wipe all the configurations and start from scratch ?

[caustic386]

To get this to work, I had to uninstall, then run the following:

pkg_delete -f snort\*
find / -name snort

and rm -rf anything that turned up.  Reinstalling with new package fixed it from there, running snort rules and ET.