Upgrade from 132 to 133 saricata fails (RESOLVED)

General questions.
Post Reply
siosios
Posts: 15
Joined: March 8th, 2015, 8:12 pm

Upgrade from 132 to 133 saricata fails (RESOLVED)

Post by siosios » June 14th, 2019, 11:46 pm

I did a normal upgrade to day to 133 and now Saricata refuses to start. Im not sure were to look for the logs that would give me a better understanding of why but the log for the IPS in the GUI has one error after reboot.

Code: Select all

18:21:09	suricata: 	[ERRCODE: SC_ERR_NFQ_UNBIND(70)] - nfq_unbind_pf() for AF_INET failed
18:21:09	suricata: 	[ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
18:21:09	suricata: 	This is Suricata version 4.1.4 RELEASE
18:20:33	suricata: 	[ERRCODE: SC_ERR_NFQ_UNBIND(70)] - nfq_unbind_pf() for AF_INET failed
18:20:33	suricata: 	This is Suricata version 4.1.4 RELEASE
need some ideas on this and or help

thanks
sio
Last edited by siosios on June 15th, 2019, 11:12 pm, edited 1 time in total.
Image

JonM
Posts: 142
Joined: August 4th, 2017, 5:49 pm
Location: US

Re: Upgrade from 132 to 133 saricata fails

Post by JonM » June 15th, 2019, 12:04 am

Production:
Image

Testing Raspi 3B+:
Image

siosios
Posts: 15
Joined: March 8th, 2015, 8:12 pm

Re: Upgrade from 132 to 133 saricata fails

Post by siosios » June 15th, 2019, 12:42 am

JonM wrote:
June 15th, 2019, 12:04 am
maybe this post will help:
viewtopic.php?f=27&t=22884&p=125122#p125122
Thanks Jon, but i have rules selected and have tried both ET and Talos with red or green selected and monitoring on/off and still wont fire up. ive also done

Code: Select all

echo 130 > /opt/pakfire/db/core/mine
and brought the system back to 133 with no luck.

the only thing ive found with that error code is https://oisf-users.openinfosecfoundatio ... -unbind-70
Image

siosios
Posts: 15
Joined: March 8th, 2015, 8:12 pm

Re: Upgrade from 132 to 133 saricata fails

Post by siosios » June 15th, 2019, 3:00 am

I went ahead and reinstalled from scratch. was running fine until i did the talios rules and now its back to being dead

Code: Select all

Starting Intrusion Detection System...                                                                                                                                                                                                                 [ FAIL ]
chmod: cannot access '/var/run/suricata.pid': No such file or directory
Image

User avatar
FischerM
Community Developer
Community Developer
Posts: 1024
Joined: November 2nd, 2011, 12:28 pm

Re: Upgrade from 132 to 133 saricata fails

Post by FischerM » June 15th, 2019, 9:30 am

Hi,

what is shown when you try to start it manually?

See possible solution in:
=> viewtopic.php?f=5&t=22967

Code: Select all

pakfire install jansson
HTH,
Matthias

siosios
Posts: 15
Joined: March 8th, 2015, 8:12 pm

Re: Upgrade from 132 to 133 saricata fails

Post by siosios » June 15th, 2019, 1:35 pm

FischerM wrote:
June 15th, 2019, 9:30 am
Hi,

what is shown when you try to start it manually?

See possible solution in:
=> viewtopic.php?f=5&t=22967

Code: Select all

pakfire install jansson
HTH,
Matthias
thank you for the info, but i went ahead and setup a newer server as my firewall. so far everything is good
Image

fkienker
Posts: 126
Joined: March 3rd, 2011, 4:59 pm

Re: Upgrade from 132 to 133 saricata fails

Post by fkienker » June 15th, 2019, 3:33 pm

Upgrading an running C132 firewall system, I can duplicate this error. Once again, commenting the 2> /dev/null saves the day. With the comment removed, this message appears when trying to start Suricata:

/usr/bin/suricata: error while loading shared libraries: libjansson.so.4: cannot open shared object file: No such file or directory [ FAIL ]

Running:
find / -iname "libjansson*"
returns nothing.

Looks like a missing lib file.

Trying the suggested fix:

pakfire install jansson

PAKFIRE WARN: The pak "jansson" is not known. Please try running "pakfire update".
PAKFIRE ERROR: No packages to install. Exiting...

Updating mine back to 132 and re-running the update did not help.

Best regards,
Fred

siosios
Posts: 15
Joined: March 8th, 2015, 8:12 pm

Re: Upgrade from 132 to 133 saricata fails

Post by siosios » June 15th, 2019, 11:12 pm

FischerM wrote:
June 15th, 2019, 9:30 am
Hi,

what is shown when you try to start it manually?

See possible solution in:
=> viewtopic.php?f=5&t=22967

Code: Select all

pakfire install jansson
HTH,
Matthias
this was the fix after doing the new install i decided to try 133 again this morning after my last post
Upgrading an running C132 firewall system, I can duplicate this error. Once again, commenting the 2> /dev/null saves the day. With the comment removed, this message appears when trying to start Suricata:

/usr/bin/suricata: error while loading shared libraries: libjansson.so.4: cannot open shared object file: No such file or directory [ FAIL ]

Running:
find / -iname "libjansson*"
returns nothing.

Looks like a missing lib file.

Trying the suggested fix:

pakfire install jansson

PAKFIRE WARN: The pak "jansson" is not known. Please try running "pakfire update".
PAKFIRE ERROR: No packages to install. Exiting...

Updating mine back to 132 and re-running the update did not help.

Best regards,
Fred
thank you for duplicating the problem, for a little while there i thought i was losing my mind
Image

Post Reply