Bug #13839

closed

Suricata version updates take a long time

Added by Marcos M over 1 year ago. Updated about 1 year ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Suricata
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Recently I've noticed that updating Suricata versions takes a very long time, every time. After an update to the latest pfSense dev build, I saw these in the system logs - notice it took 10 minutes on a single step (logs reversed):

Jan 5 14:43:13     pkg-static     43609     pfSense-pkg-suricata upgraded: 6.0.8_4 -> 6.0.8_5
Jan 5 14:40:16     kernel         done.
Jan 5 14:40:16     php     70799     //etc/rc.packages: Successfully installed package: suricata.
Jan 5 14:40:16     kernel         done.
Jan 5 14:40:16     php     70799     //etc/rc.packages: Configuration Change: (system): Overwrote previous installation of suricata.
Jan 5 14:40:16     php     70799     [Suricata] Package post-installation tasks completed.
Jan 5 14:40:16     php     70799     //etc/rc.packages: Configuration Change: (system): Suricata pkg v6.0.8_5: post-install configuration saved.
Jan 5 14:40:16     php     70799     [Suricata] Finished rebuilding installation from saved settings.
Jan 5 14:40:15     php     70799     //etc/rc.packages: Configuration Change: (system): Installed cron job for /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_for_rule_updates.php
Jan 5 14:40:15     php     70799     //etc/rc.packages: Configuration Change: (system): Installed cron job for /usr/bin/nice -n20 /sbin/pfctl -q -t snort2c -T expire 3600
Jan 5 14:40:15     kernel         done.
Jan 5 14:40:15     php     70799     //etc/rc.packages: Configuration Change: (system): Installed cron job for /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc
Jan 5 14:40:15     php     70799     [Suricata] Building new sid-msg.map file for ISP1...
Jan 5 14:40:13     php     70799     [Suricata] Updating rules configuration for: ISP1 ...
Jan 5 14:40:13     php     70799     [Suricata] The Rules update has finished.
Jan 5 14:40:13     php     70799     [Suricata] Removed 0 obsoleted rules category files.
Jan 5 14:40:13     kernel         done.
Jan 5 14:40:13     php     70799     [Suricata] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.
Jan 5 14:40:13     php     70799     [Suricata] Extra ETNetera rules were updated...
Jan 5 14:40:13     kernel         done.
Jan 5 14:40:13     php     70799     [Suricata] Extra ETNetera rules file update downloaded successfully.
Jan 5 14:40:03     kernel         Extra MalSilo rules were updated.
Jan 5 14:40:03     php     70799     [Suricata] Extra MalSilo rules were updated...
Jan 5 14:40:03     kernel         done.
Jan 5 14:40:03     php     70799     [Suricata] Extra MalSilo rules file update downloaded successfully.
Jan 5 14:40:03     kernel         done.
Jan 5 14:29:51     php     70799     [Suricata] ABUSE.ch SSL Blacklist rules were updated...
Jan 5 14:29:51     kernel         done.
Jan 5 14:29:51     php     70799     [Suricata] ABUSE.ch SSL Blacklist rules file update downloaded successfully.
Jan 5 14:19:40     kernel         Feodo Tracker Botnet C2 IP rules were updated.
Jan 5 14:19:40     php     70799     [Suricata] Feodo Tracker Botnet C2 IP rules were updated...
Jan 5 14:19:40     kernel         done.
Jan 5 14:19:40     php     70799     [Suricata] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Jan 5 14:19:38     kernel         done.
Jan 5 14:19:38     php     70799     [Suricata] Snort GPLv2 Community Rules file update downloaded successfully.
Jan 5 14:19:36     kernel         done.
Jan 5 14:19:36     php     70799     [Suricata] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Jan 5 14:19:35     kernel         done.
Jan 5 14:19:35     php     70799     [Suricata] Emerging Threats Open rules file update downloaded successfully.
Jan 5 14:19:34     kernel         done.
Jan 5 14:19:34     php     70799     [Suricata] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
Jan 5 14:19:26     kernel         done.
Jan 5 14:19:26     php     70799     [Suricata] Downloading and updating configured rule types.
Jan 5 14:19:26     php     70799     [Suricata] Configuration version is current.
Jan 5 14:19:26     php     70799     [Suricata] Checking configuration settings version...
Jan 5 14:19:26     kernel         Saved settings detected...
Jan 5 14:19:26     php     70799     [Suricata] Saved settings detected... rebuilding installation with saved settings.
Jan 5 14:19:25     php     70799     //etc/rc.packages: Configuration Change: (system): Installed cron job for /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_geoipupdate.php
Jan 5 14:19:25     php     70799     [Suricata] Cleaning up temp files after GeoLite2-Country database update.
Jan 5 14:19:25     php     70799     [Suricata] GeoLite2-Country database update completed.
Jan 5 14:19:25     php     70799     [Suricata] Moving new database to /usr/local/share/suricata/GeoLite2/GeoLite2-Country.mmdb...
Jan 5 14:19:25     php     70799     [Suricata] Extracting new GeoLite2-Country database from the archive...
Jan 5 14:19:25     php     70799     [Suricata] New GeoLite2-Country IP database gzip archive successfully downloaded.
Jan 5 14:19:24     php     70799     [Suricata] Downloading new GeoLite2-Country IP database...
Jan 5 14:19:24     php     70799     [Suricata] A new GeoLite2-Country IP database is available.
Jan 5 14:19:23     php     70799     [Suricata] Checking for updated MaxMind GeoLite2 IP database file...
Jan 5 14:19:23     php     70799     [Suricata] Installing free GeoLite2 country IP database file in /usr/local/share/suricata/GeoLite2/...
Jan 5 14:19:23     php     70799     //etc/rc.packages: Configuration Change: (system): Intermediate config write during package install for suricata.
Jan 5 14:19:23     php     70799     //etc/rc.packages: Beginning package installation for suricata .
Jan 5 14:19:22     php     48950     [Suricata] Flushing all blocked hosts from <snort2c> table due to package removal...
Jan 5 14:19:22     php     48950     /etc/rc.packages: Configuration Change: (system): Suricata pkg removed Dashboard Alerts widget.
Jan 5 14:19:22     php     48950     /etc/rc.packages: Configuration Change: (system): Removed cron job for suricata_geoipupdate.php
Jan 5 14:19:22     php     48950     /etc/rc.packages: Configuration Change: (system): Removed cron job for snort2c
Jan 5 14:19:22     php     48950     /etc/rc.packages: Configuration Change: (system): Removed cron job for suricata_check_cron_misc.inc
Jan 5 14:19:22     php     48950     /etc/rc.packages: Configuration Change: (system): Removed cron job for suricata_check_for_rule_updates.php
Jan 5 14:19:20     php     48950     [Suricata] Suricata package uninstall in progress...

Downloading the files directly on a browser finished immediately so I don't think it's a bandwidth issue:
https://sslbl.abuse.ch/blacklist/sslblacklist_tls_cert.tar.gz
https://feodotracker.abuse.ch/downloads/feodotracker.tar.gz
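
One way to locate the slow steps in a newest-first log like the one above is to put the lines in chronological order and measure the gap between consecutive entries. This is an added example, not part of the original report or the Suricata package; the function names, the 60-second threshold and the placeholder year are assumptions, and the sample is a six-line excerpt of the log above.

```python
from datetime import datetime, timedelta

# Excerpt of the log in the report above, newest line first as posted.
SAMPLE = """\
Jan 5 14:40:03     php     70799     [Suricata] Extra MalSilo rules file update downloaded successfully.
Jan 5 14:40:03     kernel         done.
Jan 5 14:29:51     php     70799     [Suricata] ABUSE.ch SSL Blacklist rules were updated...
Jan 5 14:29:51     php     70799     [Suricata] ABUSE.ch SSL Blacklist rules file update downloaded successfully.
Jan 5 14:19:40     php     70799     [Suricata] Feodo Tracker Botnet C2 IP rules were updated...
Jan 5 14:19:38     php     70799     [Suricata] Snort GPLv2 Community Rules file update downloaded successfully.
"""


def parse(text, year=2000):
    """Return (timestamp, rest_of_line) pairs, oldest first.

    Syslog lines carry no year; `year` is an arbitrary placeholder, so a
    log that spans New Year is not handled.
    """
    events = []
    for line in text.splitlines():
        parts = line.split(None, 3)  # month, day, time, remainder
        if len(parts) < 4:
            continue
        try:
            stamp = f"{year} {' '.join(parts[:3])}"
            ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # not a syslog line
        events.append((ts, " ".join(parts[3].split())))
    events.reverse()                  # the report lists newest first
    events.sort(key=lambda e: e[0])   # stable: same-second order is kept
    return events


def slow_steps(events, threshold=timedelta(seconds=60)):
    """Gaps >= threshold between consecutive lines, longest first."""
    gaps = [(t1 - t0, before, after)
            for (t0, before), (t1, after) in zip(events, events[1:])
            if t1 - t0 >= threshold]
    return sorted(gaps, key=lambda g: g[0], reverse=True)


if __name__ == "__main__":
    for gap, before, after in slow_steps(parse(SAMPLE)):
        print(f"{gap}  after: {before}\n         next:  {after}")
```

Each reported gap names the last line logged before the stall and the first line logged after it, which is the step that was waiting.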
