snort-1 (alert data) [FAIL]
Jordan
When updating everything I ran sudo apt-get update && sudo apt-get dist-upgrade.
Once updated i rebooted and now snort-1 fails
snortu-1.log ends like this:
>tail sudo nano /var/log/nsm/(sensor2)/snortu-1.log
pfring DAQ configured to passive.
ERROR: Can't initialize DAQ pfring (-1) -
Fatal Error, Quitting..
I tried doing these steps: https://code.google.com/p/security-onion/wiki/Upgrade
However i now get this error when doing any sudo apt-get update
securityonion-pfring-module is already the newest version.
securityonion-pfring-module set to manually installed.
You might want to run 'apt-get -f install' to correct these:
The following packages have unmet dependencies:
mysql-server-5.5 : Depends: mysql-server-core-5.5 (= 5.5.31-0ubuntu0.12.04.1) but 5.5.31-0ubuntu0.12.04.2 is to be installed
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).
Reading package lists... Done
Building dependency tree
Reading state information... Done
You might want to run 'apt-get -f install' to correct these.
The following packages have unmet dependencies:
mysql-server-5.5 : Depends: mysql-server-core-5.5 (= 5.5.31-0ubuntu0.12.04.1) but 5.5.31-0ubuntu0.12.04.2 is installed
E: Unmet dependencies. Try using -f.
So i tired running the mysqlupdates: https://code.google.com/p/security-onion/wiki/MySQLUpdates
Still nothing. Yet one of my sensors shows everything running just fine.
Doug Burks
As the message suggests, have you tried running "sudo apt-get -f install"?
Thanks,
Doug
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at http://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
--
Doug Burks
http://securityonion.blogspot.com
Jordan
Do you want to continue [Y/n]? y
dpkg: dependency problems prevent configuration of mysql-server-5.5:
mysql-server-5.5 depends on mysql-server-core-5.5 (= 5.5.29-0ubuntu0.12.04.2); however:
Version of mysql-server-core-5.5 on system is 5.5.31-0ubuntu0.12.04.2.
dpkg: error processing mysql-server-5.5 (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of mysql-server:
mysql-server depends on mysql-server-5.5; however:
Package mysql-server-5.5 is not configured yet.
dpkg: error processing mysql-server (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of securityonion-snorby:
securityonion-snorby depends on mysql-server; however:
Package mysql-server is not configured yet.
dpkg: error processing securityonion-snorby (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
No apport report written because MaxReports is reached already
No apport report written because MaxReports is reached already
Errors were encountered while processing:
mysql-server-5.5
mysql-server
securityonion-snorby
E: Sub-process /usr/bin/dpkg returned an error code (1)
Doug Burks
https://code.google.com/p/security-onion/wiki/MySQLUpdates, did you
type the commands manually or copy/paste? Seems like maybe the box
didn't fully update all mysql pieces. Please try the MySQL steps
again but make sure you copy/paste the commands, especially the
following:
sudo apt-get update && sudo apt-get install mysql-server
mysql-server-core-5.5 mysql-server-5.5
Then copy/paste any and all output into your reply.
Thanks,
Doug
On Thu, Jun 27, 2013 at 9:06 AM, Jordan <forever...@gmail.com> wrote:
> Also one seemed to magically start working over night. Im only left with one sensor that doesn't want to cooperate.
Jordan
(Sensor2)@(Sensor2IP):~$ sudo apt-get update && sudo apt-get install mysql-server mysql-server-core-5.5 mysql-server-5.5
Hit http://us.archive.ubuntu.com precise Release.gpg
Hit http://us.archive.ubuntu.com precise-updates Release.gpg
Hit http://us.archive.ubuntu.com precise-backports Release.gpg
Hit http://us.archive.ubuntu.com precise Release
Hit http://us.archive.ubuntu.com precise-updates Release
Hit http://us.archive.ubuntu.com precise-backports Release
Hit http://us.archive.ubuntu.com precise/main Sources
Hit http://us.archive.ubuntu.com precise/restricted Sources
Hit http://us.archive.ubuntu.com precise/universe Sources
Hit http://us.archive.ubuntu.com precise/multiverse Sources
Hit http://us.archive.ubuntu.com precise/main amd64 Packages
Hit http://us.archive.ubuntu.com precise/restricted amd64 Packages
Hit http://us.archive.ubuntu.com precise/universe amd64 Packages
Hit http://us.archive.ubuntu.com precise/multiverse amd64 Packages
Hit http://us.archive.ubuntu.com precise/main i386 Packages
Hit http://us.archive.ubuntu.com precise/restricted i386 Packages
Hit http://us.archive.ubuntu.com precise/universe i386 Packages
Hit http://us.archive.ubuntu.com precise/multiverse i386 Packages
Hit http://us.archive.ubuntu.com precise/main TranslationIndex
Hit http://us.archive.ubuntu.com precise/multiverse TranslationIndex
Hit http://us.archive.ubuntu.com precise/restricted TranslationIndex
Hit http://us.archive.ubuntu.com precise/universe TranslationIndex
Hit http://us.archive.ubuntu.com precise-updates/main Sources
Hit http://us.archive.ubuntu.com precise-updates/restricted Sources
Hit http://us.archive.ubuntu.com precise-updates/universe Sources
Hit http://us.archive.ubuntu.com precise-updates/multiverse Sources
Hit http://us.archive.ubuntu.com precise-updates/main amd64 Packages
Hit http://us.archive.ubuntu.com precise-updates/restricted amd64 Packages
Hit http://us.archive.ubuntu.com precise-updates/universe amd64 Packages
Hit http://us.archive.ubuntu.com precise-updates/multiverse amd64 Packages
Hit http://us.archive.ubuntu.com precise-updates/main i386 Packages
Hit http://us.archive.ubuntu.com precise-updates/restricted i386 Packages
Hit http://us.archive.ubuntu.com precise-updates/universe i386 Packages
Hit http://us.archive.ubuntu.com precise-updates/multiverse i386 Packages
Hit http://us.archive.ubuntu.com precise-updates/main TranslationIndex
Hit http://us.archive.ubuntu.com precise-updates/multiverse TranslationIndex
Hit http://us.archive.ubuntu.com precise-updates/restricted TranslationIndex
Hit http://us.archive.ubuntu.com precise-updates/universe TranslationIndex
Hit http://us.archive.ubuntu.com precise-backports/main Sources
Hit http://us.archive.ubuntu.com precise-backports/restricted Sources
Hit http://us.archive.ubuntu.com precise-backports/universe Sources
Hit http://us.archive.ubuntu.com precise-backports/multiverse Sources
Hit http://us.archive.ubuntu.com precise-backports/main amd64 Packages
Hit http://us.archive.ubuntu.com precise-backports/restricted amd64 Packages
Hit http://us.archive.ubuntu.com precise-backports/universe amd64 Packages
Hit http://us.archive.ubuntu.com precise-backports/multiverse amd64 Packages
Hit http://us.archive.ubuntu.com precise-backports/main i386 Packages
Hit http://us.archive.ubuntu.com precise-backports/restricted i386 Packages
Hit http://us.archive.ubuntu.com precise-backports/universe i386 Packages
Hit http://us.archive.ubuntu.com precise-backports/multiverse i386 Packages
Hit http://us.archive.ubuntu.com precise-backports/main TranslationIndex
Hit http://us.archive.ubuntu.com precise-backports/multiverse TranslationIndex
Hit http://us.archive.ubuntu.com precise-backports/restricted TranslationIndex
Hit http://us.archive.ubuntu.com precise-backports/universe TranslationIndex
Hit http://us.archive.ubuntu.com precise/main Translation-en
Hit http://us.archive.ubuntu.com precise/multiverse Translation-en
Hit http://us.archive.ubuntu.com precise/restricted Translation-en
Hit http://us.archive.ubuntu.com precise/universe Translation-en
Hit http://us.archive.ubuntu.com precise-updates/main Translation-en
Hit http://us.archive.ubuntu.com precise-updates/multiverse Translation-en
Hit http://us.archive.ubuntu.com precise-updates/restricted Translation-en
Hit http://us.archive.ubuntu.com precise-updates/universe Translation-en
Hit http://us.archive.ubuntu.com precise-backports/main Translation-en
Hit http://us.archive.ubuntu.com precise-backports/multiverse Translation-en
Hit http://us.archive.ubuntu.com precise-backports/restricted Translation-en
Hit http://us.archive.ubuntu.com precise-backports/universe Translation-en
Hit http://extras.ubuntu.com precise Release.gpg
Hit http://extras.ubuntu.com precise Release
Hit http://extras.ubuntu.com precise/main Sources
Hit http://extras.ubuntu.com precise/main amd64 Packages
Hit http://extras.ubuntu.com precise/main i386 Packages
Ign http://extras.ubuntu.com precise/main TranslationIndex
Hit http://ppa.launchpad.net precise Release.gpg
Hit http://ppa.launchpad.net precise Release
Ign http://extras.ubuntu.com precise/main Translation-en_US
Hit http://ppa.launchpad.net precise/main Sources
Ign http://extras.ubuntu.com precise/main Translation-en
Hit http://ppa.launchpad.net precise/main amd64 Packages
Hit http://ppa.launchpad.net precise/main i386 Packages
Ign http://ppa.launchpad.net precise/main TranslationIndex
Ign http://ppa.launchpad.net precise/main Translation-en_US
Ign http://ppa.launchpad.net precise/main Translation-en
Hit http://security.ubuntu.com precise-security Release.gpg
Hit http://security.ubuntu.com precise-security Release
Hit http://security.ubuntu.com precise-security/main Sources
Hit http://security.ubuntu.com precise-security/restricted Sources
Hit http://security.ubuntu.com precise-security/universe Sources
Hit http://security.ubuntu.com precise-security/multiverse Sources
Hit http://security.ubuntu.com precise-security/main amd64 Packages
Hit http://security.ubuntu.com precise-security/restricted amd64 Packages
Hit http://security.ubuntu.com precise-security/universe amd64 Packages
Hit http://security.ubuntu.com precise-security/multiverse amd64 Packages
Hit http://security.ubuntu.com precise-security/main i386 Packages
Hit http://security.ubuntu.com precise-security/restricted i386 Packages
Hit http://security.ubuntu.com precise-security/universe i386 Packages
Hit http://security.ubuntu.com precise-security/multiverse i386 Packages
Hit http://security.ubuntu.com precise-security/main TranslationIndex
Hit http://security.ubuntu.com precise-security/multiverse TranslationIndex
Hit http://security.ubuntu.com precise-security/restricted TranslationIndex
Hit http://security.ubuntu.com precise-security/universe TranslationIndex
Hit http://security.ubuntu.com precise-security/main Translation-en
Hit http://security.ubuntu.com precise-security/multiverse Translation-en
Hit http://security.ubuntu.com precise-security/restricted Translation-en
Hit http://security.ubuntu.com precise-security/universe Translation-en
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
mysql-server-core-5.5 is already the newest version.
mysql-server-core-5.5 set to manually installed.
The following packages were automatically installed and are no longer required:
libcache-cache-perl securityonion-libsys-info-driver-linux-perl
libtest-exception-perl libmono-data-tds2.0-cil libio-stty-perl
libauthen-krb5-simple-perl libdevel-symdump-perl libjansson4
securityonion-menu securityonion-bro-scripts
securityonion-libnet-ssh-expect-perl libmono-security2.0-cil libgeo-ip-perl
securityonion-setup libtime-duration-perl libtest-pod-coverage-perl
libboost-filesystem1.46.1 securityonion-libsys-info-perl libmono-wcf3.0-cil
securityonion-logo libfile-remove-perl securityonion-pfring-ld
libexporter-lite-perl securityonion-libparse-snort-perl mysqltcl
libhttp-body-perl libnet-ip-perl libmono-system2.0-cil libalgorithm-c3-perl
libanyevent-http-perl libplack-perl libio-stringy-perl libmono-corlib4.0-cil
libnet-dns-perl securityonion-profile libtest-tcp-perl
securityonion-libnet-ldap-express-perl libmono-system-security4.0-cil
libwireshark1 libmono-sqlite2.0-cil libclass-load-perl libclone-perl
securityonion-libmoosex-classattribute-perl ruby-bundler sslsniff
securityonion-libplack-builder-conditionals-perl
securityonion-libdist-checkconflicts-perl securityonion-samples
securityonion-libunix-processors-perl libauthen-simple-dbi-perl
securityonion-libmath-pari-perl libmodule-scandeps-perl securityonion-server
securityonion-sudoers securityonion-sostat linux-headers-3.2.0-40
linux-headers-3.2.0-35 securityonion-sguil-agent-ossec libyaml-syck-perl
libmono-system-xml4.0-cil libossp-uuid-perl libfile-sharedir-perl
libmono-corlib2.0-cil
securityonion-libdata-google-visualization-datasource-perl sniffit php5
libanyevent-perl securityonion-libmodule-implementation-perl
securityonion-sguil-server libboost-system1.46.1 libauthen-simple-perl
daemonlogger securityonion-elsa-web-perl
securityonion-libmath-bigint-pari-perl libanyevent-dbi-perl
securityonion-wkhtmltopdf netexpect libstring-crc32-perl libio-pty-perl
securityonion-libmailtools-perl libjson-xs-perl libdevel-stacktrace-perl
securityonion-argus-server securityonion-libmodule-runtime-perl
libpackage-stash-perl tcpstat libmodule-refresh-perl libmath-round-perl
libpackage-stash-xs-perl libdate-manip-perl securityonion-elsa-node-perl
libclass-load-xs-perl php5-sqlite liblog-log4perl-perl
libmono-i18n-west2.0-cil securityonion-libsocket-perl xplico libapr1
libjson-perl securityonion-http-agent tcpxtract hping3
securityonion-pfring-daq securityonion-sguild-add-user
libparse-recdescent-perl libdbd-sqlite3-perl iwidgets4 libipc-sharelite-perl
wireshark-common libnamespace-autoclean-perl securityonion-netsniff-ng
libmono-system-messaging2.0-cil libclass-c3-perl
libmono-system-configuration4.0-cil libmodule-runtime-perl
libapache2-mod-php5 libdevel-stacktrace-ashtml-perl libwsutil1
securityonion-libplack-middleware-crossorigin-perl libmodule-install-perl
libauthen-pam-perl libmono-posix2.0-cil libaprutil1-ldap mono-runtime
securityonion-libtest-sys-info-perl apache2-mpm-prefork php5-gd python-scapy
libemail-foldertype-perl securityonion-pulledpork liblog-any-perl
securityonion-et-rules securityonion-pfring-userland libtree-dagnode-perl
apache2-utils libfont-ttf-perl libdatetime-timezone-perl
libpackage-deprecationmanager-perl libfile-slurp-perl
libauthen-simple-ldap-perl chaosreader libclass-inspector-perl
libdigest-jhash-perl securityonion-rule-update securityonion-skel ruby1.8
tcpflow libpar-dist-perl labrea libspreadsheet-writeexcel-perl autossh
librecode0 libyaml-0-2 libdevel-globaldestruction-perl libexpect-perl
libmoosex-clone-perl apache2.2-common libudp-tcl securityonion-passenger
libany-moose-perl libmono-messaging2.0-cil dsniff
securityonion-pfring-module securityonion-libsub-exporter-progressive-perl
libtest-class-perl tcllib p0f securityonion-web-page
libtime-duration-parse-perl libdumbnet1 tclx8.4 securityonion-limits
securityonion-libtime-hires-perl libtest-warn-perl libparams-util-perl
securityonion-snort libnet-ldap-filterbuilder-perl libxml-writer-perl
libcarp-assert-perl libmono-system-data-linq2.0-cil mono-4.0-gac
libparams-validate-perl libtest-fatal-perl libmono-system-data2.0-cil
libgif4 tcptrace libsub-identify-perl libsub-uplevel-perl expect
libreadline5 libtext-csv-perl libmono2.0-cil securityonion-passenger-conf
libsmi2ldbl libtest-output-perl libaprutil1-dbd-sqlite3 libwireshark-data
netcat6 libtry-tiny-perl dkms mono-gac libtest-nowarnings-perl
libtest-inter-perl libmro-compat-perl libmoosex-traits-perl apache2.2-bin
libtest-pod-perl securityonion-libdigest-sha1-perl
libmoosex-log-log4perl-perl securityonion-libconfig-general-perl
linux-headers-3.2.0-40-generic linux-headers-3.2.0-35-generic ngrep
libdata-optlist-perl recode securityonion-libstream-buffered-perl
securityonion-squert-cron libdatetime-format-strptime-perl
securityonion-argus-clients libdatetime-perl ssldump securityonion-snorby
libwant-perl securityonion-libsys-info-base-perl prads libboost-thread1.46.1
libsub-install-perl securityonion-login-screen libsub-exporter-perl
securityonion-libplack-middleware-nomultipleslashes-perl
libb-hooks-endofscope-perl libdata-serializer-perl driftnet
libtest-sharedfork-perl libdatetime-locale-perl libmono-sharpzip2.84-cil
securityonion-suricata libtask-weaken-perl securityonion-client tcpick itcl3
securityonion-liburl-encode-perl libdata-visitor-perl
libnamespace-clean-perl netsed libchi-perl libstring-rewriteprefix-perl
libtest-deep-perl tcl8.4 libemail-date-format-perl securityonion-barnyard2
securityonion-libsys-hostname-fqdn-perl libvariable-magic-perl
libfile-path-expand-perl bittwist securityonion-sguil-client wireshark
securityonion-squert libmono-webbrowser2.0-cil libc-ares2 libpath-class-perl
liblog4cpp5 securityonion-liburi-encode-perl libsearch-queryparser-perl
libmono-system-web2.0-cil libhash-util-fieldhash-compat-perl
libparams-classify-perl libmono-accessibility2.0-cil libnet-cidr-lite-perl
libmoosex-storage-perl libruby1.9.1 libhash-moreutils-perl libpdf-api2-perl
libpod-coverage-perl php5-mysql tcpflow-no-tags liblist-moreutils-perl
libtie-toobject-perl libclass-data-inheritable-perl python3-httplib2
libmoose-perl securityonion-libdata-google-visualization-datatable-perl
libcommon-sense-perl libauthen-simple-kerberos-perl
libcontextual-return-perl php5-cli libruby1.8 sqlite3 securityonion-daq
libmoosex-attributehelpers-perl libfilesys-notify-simple-perl
securityonion-libsearch-queryparser-sql-perl
securityonion-libsys-meminfo-perl tcpreplay libcache-fastmmap-perl
securityonion-bro libwiretap1 libconfig-json-perl
securityonion-libdata-serializable-perl htop libpdf-api2-simple-perl
libeval-closure-perl lame libtest-requires-perl securityonion-networkminer
securityonion-libchi-driver-dbi-perl libev-perl hunt libaprutil1
securityonion-sensor tshark libossp-uuid16 itk3
liblwp-useragent-determined-perl tcl-tls
securityonion-libmodule-pluggable-perl securityonion-reassembler php5-common
libemail-simple-perl libclass-singleton-perl ruby1.9.1 libnet1
libauthen-simple-pam-perl libtest-use-ok-perl libdigest-hmac-perl
libmono-security4.0-cil libemail-localdelivery-perl libhash-multivalue-perl
securityonion-capme libcrypt-dh-perl libplack-middleware-session-perl
libgdiplus securityonion-sguil-db-purge libmono-winforms2.0-cil
securityonion-nsmnow-admin-scripts tcpslice libyaml-perl libnids1.21
securityonion-sguil-sensor libmono-system4.0-cil
Use 'apt-get autoremove' to remove them.
Suggested packages:
tinyca mailx
The following packages will be upgraded:
mysql-server mysql-server-5.5
2 upgraded, 0 newly installed, 0 to remove and 16 not upgraded.
3 not fully installed or removed.
Need to get 0 B/8,867 kB of archives.
After this operation, 57.3 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
dpkg: dependency problems prevent configuration of mysql-server-5.5:
mysql-server-5.5 depends on mysql-server-core-5.5 (= 5.5.29-0ubuntu0.12.04.2); however:
Version of mysql-server-core-5.5 on system is 5.5.31-0ubuntu0.12.04.2.
dpkg: error processing mysql-server-5.5 (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of mysql-server:
mysql-server depends on mysql-server-5.5; however:
Package mysql-server-5.5 is not configured yet.
No apport report written because the error message indicates its a followup error from a previous failure.
No apport report written because the error message indicates its a followup error from a previous failure.
No apport report written because the error message indicates its a followup error from a previous failure.
dpkg: error processing mysql-server (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of securityonion-snorby:
securityonion-snorby depends on mysql-server; however:
Package mysql-server is not configured yet.
dpkg: error processing securityonion-snorby (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
mysql-server-5.5
mysql-server
securityonion-snorby
E: Sub-process /usr/bin/dpkg returned an error code (1)
(Sensor2)@(Sensor2IP):~$
Doug Burks
Security Onion. This thread appears to be related:
http://askubuntu.com/questions/218418/dependency-problem-with-mysql-server-core-5-5
You can try some of the fixes in that thread, but if you continue to
have issues, you may just want to wipe and reinstall.
Thanks,
Doug
Noah Jaehnert
Thanks,
-Noah