Author Topic: Snort Won't Start After Upgrade  (Read 50303 times)

Offline Cino

Re: Snort Won't Start After Upgrade
« Reply #150 on: August 04, 2011, 09:18:39 pm »
@hansmuff and asterix I don't run amd64 on my box; all my testing has been on the i386 platform.

@ermal logged into my console and I noticed some startup errors.
This is right after starting package snort....

chown: /tmp/snort*: No such file or directory
chmod: /var/run/snort*: No such file or directory
chmod: /tmp/snort*: No such file or directory

« Last Edit: August 05, 2011, 08:30:52 am by Cino »

Online grandrivers

Re: Snort Won't Start After Upgrade
« Reply #151 on: August 04, 2011, 09:52:39 pm »
I did a clean install and am having trouble with the Emerging Threats rules; can't get them to show up.

Offline Burnie

Re: Snort Won't Start After Upgrade
« Reply #152 on: August 05, 2011, 12:32:03 am »
@Emarl: great work. snort seems to be working great now. (i386/2.0RC1)

I found two things that didn't seem right:

1. filenames of md5 files in /usr/local/www/snort/snort_download_updates.php seem wrong:

--- /usr/local/www/snort/snort_download_updates.php.orig 2011-08-04 22:03:35.000000000 +0200
+++ /usr/local/www/snort/snort_download_updates.php 2011-08-04 22:04:35.000000000 +0200
@@ -47,5 +47,5 @@
 /* quick md5s chk */
-if(file_exists('/usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5'))
+if(file_exists('/usr/local/etc/snort/snortrules-snapshot-2861.tar.gz.md5'))
 {
- $snort_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5');
+ $snort_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/snortrules-snapshot-2861.tar.gz.md5');
 }else{
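
Review bot: The snapshot number 2861 is still hard-coded in both the file_exists() test and the exec() line, so this check will go stale on the next snapshot bump exactly as 2860 did. Build the .md5 path once from a single variable and use it in both places. Reading the file through exec('/bin/cat ...') also spawns a process for no benefit; trim(file_get_contents($path)) reads the same value directly.
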
@@ -54,5 +54,5 @@
 
-if(file_exists('/usr/local/etc/snort/version.txt'))
+if(file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5'))
 {
- $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/version.txt');
+ $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/emerging.rules.tar.gz.md5');
 }else{
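
Review bot: $emergingt_net_sig_chk_local now holds the contents of emerging.rules.tar.gz.md5 instead of version.txt, but the value it is compared against lies outside the visible lines. Confirm that side is the matching remote .md5 and not still a version string, otherwise the check will report an update on every run. As in the first hunk, the path is repeated in file_exists() and exec(), and a single variable would keep the two in sync.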

2. Trying to enable barnyard2, when I clicked save, it said it couldn't write to
    /usr/local/etc/snort/snort__re1/barnyard2.conf
    and then all config of snort were gone...
    I guess somewhere it lost $iface_uuid, as I suspect it meant to write to
    /usr/local/etc/snort/snort_6162_re1/barnyard2.conf

(I haven't had time to dig into the last one just yet)



Offline ermal

Re: Snort Won't Start After Upgrade
« Reply #153 on: August 05, 2011, 02:17:54 am »
I have not touched barnyard at all, :(.

I know there are some other issues in the code but general functionality is ok.
I will check what I can do to progress on this, but support is most definitely a welcome addition :)

BTW: my name is Ermal and not Emarl

EDIT:
@Burnie
imported your fix in the package, thx.

@Cino,

fixed the warnings you mentioned.
« Last Edit: August 05, 2011, 03:01:00 am by ermal »

Offline asterix

Re: Snort Won't Start After Upgrade
« Reply #154 on: August 05, 2011, 03:37:02 am »
Ermal, any amd64 support?

Offline ermal

Re: Snort Won't Start After Upgrade
« Reply #155 on: August 05, 2011, 04:02:16 am »
The amd64 support is there but look at redmine.pfsense.org under snort category of issues on pfSense-packages project.
I am trying to put there all known issues though solving those is not only based on my or pfSense good will :), some help is needed as well.

Offline hmishra

Re: Snort Won't Start After Upgrade
« Reply #156 on: August 05, 2011, 05:21:28 am »
Ermal,

I know folks here have reported that the blocked hosts being cleared after the set time is working now, but I have not had success with that working yet. I have attached my screen shot of Cron entries on my system and don't think the job to remove the blocked hosts exists for Snort. I uninstalled and installed Snort just a few minutes back, so I am positive that I am running the latest iteration of your changes.

Thanks,
Hiranmoy

Offline hmishra

Re: Snort Won't Start After Upgrade
« Reply #157 on: August 05, 2011, 05:28:35 am »
Never mind.....My mistake. Turns out I did not hit 'Save' after having installed the latest Snort package. The Cron entries appeared after that.

Thanks!

Offline Ibor Daru

Re: Snort Won't Start After Upgrade
« Reply #158 on: August 05, 2011, 07:58:34 am »
@ermal and others

Today I updated my AMD64 PFSense system (Intel Atom CPU D510 @ 1.66GHz) to the latest available snapshot (2.0-RC3 (amd64) built on Tue Aug 2 22:54:59 EDT 2011).

Snort completely deinstalled before updating to latest snapshot. Reinstalled Snort, but Snort cannot be found in any menu whatsoever. Furthermore, Snort service is not available either. Tried again: completely deinstalled Snort, restarted PFSense and reinstalled Snort again with no results.

Any suggestions on how to solve the menu and service issues?
« Last Edit: August 05, 2011, 08:00:22 am by Ibor Daru »

Offline ermal

Re: Snort Won't Start After Upgrade
« Reply #159 on: August 05, 2011, 08:04:39 am »
You need to do a gitsync or wait for a new snapshot to come out.

Offline Ibor Daru

Re: Snort Won't Start After Upgrade
« Reply #160 on: August 05, 2011, 08:24:13 am »
Quote: "You need to do a gitsync or wait for a new snapshot to come out."

Thanks ermal! It worked out by following the guide @ http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots. Menu and service are back again.

However (don't shoot the messenger), Snort service still won't start ... as before. Just like:

Latest amd64 snapshot. Clean install.

Snort not starting.

Aug 4 18:43:49   SnortStartup[10250]: Snort HARD Reload For 35360_em0...
Aug 4 18:43:49   SnortStartup[6313]: Snort Startup files Sync...
Aug 4 18:43:22   SnortStartup[47731]: Snort HARD Reload For 35360_em0...
Aug 4 18:43:21   SnortStartup[43782]: Snort Startup files Sync...
...

Offline ermal

Re: Snort Won't Start After Upgrade
« Reply #161 on: August 05, 2011, 10:07:55 am »
That says the service is started.
Any other logs to claim that snort is not starting Ibor?

Offline Cino

Re: Snort Won't Start After Upgrade
« Reply #162 on: August 05, 2011, 10:33:13 am »
@ermal  startup is quiet... thanks again!

Offline ermal

Re: Snort Won't Start After Upgrade
« Reply #163 on: August 05, 2011, 12:23:53 pm »
Thank you for helping in testing Cino.

Offline seattle-it

Re: Snort Won't Start After Upgrade
« Reply #164 on: August 05, 2011, 02:16:45 pm »
What happened to Barnyard?? 

Seems to be totally missing >:(
« Last Edit: August 05, 2011, 02:18:16 pm by seattle-it »
My tech blog - seattleit.net/blog