Bug #13839
Updated by Marcos M almost 2 years ago
Recently I've noticed that updating Suricata versions takes a very long time, every time. After an update to the latest pfSense dev build, I saw these in the system logs - notice it took 10 minutes on a single step (logs reversed):

<pre>
Jan 5 14:43:13 pkg-static 43609 pfSense-pkg-suricata upgraded: 6.0.8_4 -> 6.0.8_5
Jan 5 14:40:16 kernel done.
Jan 5 14:40:16 php 70799 //etc/rc.packages: Successfully installed package: suricata.
Jan 5 14:40:16 kernel done.
Jan 5 14:40:16 php 70799 //etc/rc.packages: Configuration Change: (system): Overwrote previous installation of suricata.
Jan 5 14:40:16 php 70799 [Suricata] Package post-installation tasks completed.
Jan 5 14:40:16 php 70799 //etc/rc.packages: Configuration Change: (system): Suricata pkg v6.0.8_5: post-install configuration saved.
Jan 5 14:40:16 php 70799 [Suricata] Finished rebuilding installation from saved settings.
Jan 5 14:40:15 php 70799 //etc/rc.packages: Configuration Change: (system): Installed cron job for /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_for_rule_updates.php
Jan 5 14:40:15 php 70799 //etc/rc.packages: Configuration Change: (system): Installed cron job for /usr/bin/nice -n20 /sbin/pfctl -q -t snort2c -T expire 3600
Jan 5 14:40:15 kernel done.
Jan 5 14:40:15 php 70799 //etc/rc.packages: Configuration Change: (system): Installed cron job for /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc
Jan 5 14:40:15 php 70799 [Suricata] Building new sid-msg.map file for ISP1...
Jan 5 14:40:13 php 70799 [Suricata] Updating rules configuration for: ISP1 ...
Jan 5 14:40:13 php 70799 [Suricata] The Rules update has finished.
Jan 5 14:40:13 php 70799 [Suricata] Removed 0 obsoleted rules category files.
Jan 5 14:40:13 kernel done.
Jan 5 14:40:13 php 70799 [Suricata] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.
Jan 5 14:40:13 php 70799 [Suricata] Extra ETNetera rules were updated...
Jan 5 14:40:13 kernel done.
Jan 5 14:40:13 php 70799 [Suricata] Extra ETNetera rules file update downloaded successfully.
Jan 5 14:40:03 kernel Extra MalSilo rules were updated.
Jan 5 14:40:03 php 70799 [Suricata] Extra MalSilo rules were updated...
Jan 5 14:40:03 kernel done.
Jan 5 14:40:03 php 70799 [Suricata] Extra MalSilo rules file update downloaded successfully.
Jan 5 14:40:03 kernel done.
Jan 5 14:29:51 php 70799 [Suricata] ABUSE.ch SSL Blacklist rules were updated...
Jan 5 14:29:51 kernel done.
Jan 5 14:29:51 php 70799 [Suricata] ABUSE.ch SSL Blacklist rules file update downloaded successfully.
Jan 5 14:19:40 kernel Feodo Tracker Botnet C2 IP rules were updated.
Jan 5 14:19:40 php 70799 [Suricata] Feodo Tracker Botnet C2 IP rules were updated...
Jan 5 14:19:40 kernel done.
Jan 5 14:19:40 php 70799 [Suricata] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Jan 5 14:19:38 kernel done.
Jan 5 14:19:38 php 70799 [Suricata] Snort GPLv2 Community Rules file update downloaded successfully.
Jan 5 14:19:36 kernel done.
Jan 5 14:19:36 php 70799 [Suricata] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Jan 5 14:19:35 kernel done.
Jan 5 14:19:35 php 70799 [Suricata] Emerging Threats Open rules file update downloaded successfully.
Jan 5 14:19:34 kernel done.
Jan 5 14:19:34 php 70799 [Suricata] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
Jan 5 14:19:26 kernel done.
Jan 5 14:19:26 php 70799 [Suricata] Downloading and updating configured rule types.
Jan 5 14:19:26 php 70799 [Suricata] Configuration version is current.
Jan 5 14:19:26 php 70799 [Suricata] Checking configuration settings version...
Jan 5 14:19:26 kernel Saved settings detected...
Jan 5 14:19:26 php 70799 [Suricata] Saved settings detected... rebuilding installation with saved settings.
Jan 5 14:19:25 php 70799 //etc/rc.packages: Configuration Change: (system): Installed cron job for /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_geoipupdate.php
Jan 5 14:19:25 php 70799 [Suricata] Cleaning up temp files after GeoLite2-Country database update.
Jan 5 14:19:25 php 70799 [Suricata] GeoLite2-Country database update completed.
Jan 5 14:19:25 php 70799 [Suricata] Moving new database to /usr/local/share/suricata/GeoLite2/GeoLite2-Country.mmdb...
Jan 5 14:19:25 php 70799 [Suricata] Extracting new GeoLite2-Country database from the archive...
Jan 5 14:19:25 php 70799 [Suricata] New GeoLite2-Country IP database gzip archive successfully downloaded.
Jan 5 14:19:24 php 70799 [Suricata] Downloading new GeoLite2-Country IP database...
Jan 5 14:19:24 php 70799 [Suricata] A new GeoLite2-Country IP database is available.
Jan 5 14:19:23 php 70799 [Suricata] Checking for updated MaxMind GeoLite2 IP database file...
Jan 5 14:19:23 php 70799 [Suricata] Installing free GeoLite2 country IP database file in /usr/local/share/suricata/GeoLite2/...
Jan 5 14:19:23 php 70799 //etc/rc.packages: Configuration Change: (system): Intermediate config write during package install for suricata.
Jan 5 14:19:23 php 70799 //etc/rc.packages: Beginning package installation for suricata .
Jan 5 14:19:22 php 48950 [Suricata] Flushing all blocked hosts from <snort2c> table due to package removal...
Jan 5 14:19:22 php 48950 /etc/rc.packages: Configuration Change: (system): Suricata pkg removed Dashboard Alerts widget.
Jan 5 14:19:22 php 48950 /etc/rc.packages: Configuration Change: (system): Removed cron job for suricata_geoipupdate.php
Jan 5 14:19:22 php 48950 /etc/rc.packages: Configuration Change: (system): Removed cron job for snort2c
Jan 5 14:19:22 php 48950 /etc/rc.packages: Configuration Change: (system): Removed cron job for suricata_check_cron_misc.inc
Jan 5 14:19:22 php 48950 /etc/rc.packages: Configuration Change: (system): Removed cron job for suricata_check_for_rule_updates.php
Jan 5 14:19:20 php 48950 [Suricata] Suricata package uninstall in progress...
</pre>

Downloading the files directly on a browser finished immediately so I don't think it's a bandwidth issue:
https://sslbl.abuse.ch/blacklist/sslblacklist_tls_cert.tar.gz
https://feodotracker.abuse.ch/downloads/feodotracker.tar.gz
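
Added example, not part of the original report or of the Suricata package: a short Python script that restores chronological order in a newest-first log like the one above and reports every gap between consecutive entries that exceeds a threshold, which pins down where the update stalls. The sample input is an excerpt (php entries only) of the quoted log; the function names, the 60-second threshold and the placeholder year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Excerpt (php entries only) of the log quoted in the report, newest first.
LOG = """\
Jan 5 14:40:03 php 70799 [Suricata] Extra MalSilo rules file update downloaded successfully.
Jan 5 14:29:51 php 70799 [Suricata] ABUSE.ch SSL Blacklist rules were updated...
Jan 5 14:29:51 php 70799 [Suricata] ABUSE.ch SSL Blacklist rules file update downloaded successfully.
Jan 5 14:19:40 php 70799 [Suricata] Feodo Tracker Botnet C2 IP rules were updated...
Jan 5 14:19:40 php 70799 [Suricata] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Jan 5 14:19:38 php 70799 [Suricata] Snort GPLv2 Community Rules file update downloaded successfully.
"""

# BSD syslog prefix "Mon D HH:MM:SS", followed by the rest of the entry.
ENTRY = re.compile(r"^(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(.+)$")


def parse(text, year=2000):
    # Syslog lines carry no year, so `year` is a placeholder (assumption);
    # the log is assumed not to cross a year boundary.
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip blank or non-syslog lines
        stamp = " ".join(m.group(1).split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        entries.append((ts, m.group(2)))
    if entries and entries[0][0] > entries[-1][0]:
        entries.reverse()  # pasted newest first; restore the real order
    return entries


def find_stalls(text, threshold=timedelta(minutes=1)):
    """Return (gap_seconds, last_message_before, first_message_after)."""
    entries = parse(text)
    stalls = []
    for (t0, before), (t1, after) in zip(entries, entries[1:]):
        gap = t1 - t0
        if gap >= threshold:
            stalls.append((int(gap.total_seconds()), before, after))
    return stalls


if __name__ == "__main__":
    for seconds, before, after in find_stalls(LOG):
        print(f"{seconds:>5}s  after: {before}")
        print(f"        until: {after}")
```

On this excerpt it reports two stalls, 611 s and 612 s, ending at the ABUSE.ch SSL Blacklist and MalSilo "downloaded successfully" entries.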