Comments (4)
I think this is related to the windows antivirus but I can't definitely prove it (*).
First, I repro-ed the issue on a Windows 2019 Server (gcloud) VM. As I launched suricata-updater, some little lower-right corner pop-up thingy flashed by about running downloaded code.
So on a hunch (and because I know the frozen updater worked when I added it), I downloaded the full Brim prerelease at https://storage.googleapis.com/brimsec/suricata/brim-package/windows/Brim-Setup.exe , and was able to run its suricata-updater.exe (/c/Users/henridf/AppData/Local/Brim/app-0.19.0/resources/app/zdeps/suricata/suricataupdater.exe) ok. Since our Brim packages are signed, that might explain the difference.
(There's still something odd about the updater output... looking into that and will file a separate issue if nec).
(*) I tried disabling various "SmartScreen" controls to see if that would allow the un-signed updater to run, but it still failed. I can't claim I know those controls well enough to be sure I disabled whatever needed to (if this is indeed the culprit).
from build-suricata.
Well, the anti-virus explanation was bogus, as @philrz predicted. The problem was that the relevant python packages weren't installed on the host running pyinstaller. In investigating this today, I did confirm that an earlier version does start ok (https://storage.googleapis.com/brimsec/suricata/suricata-v5.0.3-brim11.windows-amd64.zip), whereas brim12 (and onwards) exhibits that "pyyaml is required" error. I don't know how to explain that.
Verified using the "build-suricata" artifact suricata-v5.0.3-brimpre1.windows-amd64.
On a fresh Windows 2019 Server VM on Google Cloud, I unpacked the artifact and was immediately able to run suricataupdater.exe.
C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata>.\suricataupdater.exe
2/12/2020 -- 03:21:35 - <Info> -- Loading C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\update.yaml
2/12/2020 -- 03:21:35 - <Info> -- Found Suricata version 5.0.3 at C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\bin\suricata.exe.
2/12/2020 -- 03:21:35 - <Info> -- Loading C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\brim-conf.yaml
2/12/2020 -- 03:21:36 - <Info> -- Disabling rules for protocol modbus
2/12/2020 -- 03:21:36 - <Info> -- Disabling rules for protocol dnp3
2/12/2020 -- 03:21:36 - <Info> -- Disabling rules for protocol enip
2/12/2020 -- 03:21:36 - <Info> -- No sources configured, will use Emerging Threats Open
2/12/2020 -- 03:21:36 - <Info> -- Last download less than 15 minutes ago. Not downloading https://rules.emergingthreats.net/open/suricata-5.0.3/emerging.rules.tar.gz.
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\app-layer-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\decoder-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\dhcp-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\dnp3-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\dns-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\files.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\http-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\ipsec-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\kerberos-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\modbus-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\nfs-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\ntp-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\smb-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\smtp-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\stream-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Loading distribution rule file C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\share\suricata\rules\tls-events.rules
2/12/2020 -- 03:21:36 - <Info> -- Ignoring file rules/emerging-deleted.rules
2/12/2020 -- 03:21:37 - <Info> -- Loaded 28589 rules.
2/12/2020 -- 03:21:38 - <Info> -- Disabled 14 rules.
2/12/2020 -- 03:21:38 - <Info> -- Enabled 0 rules.
2/12/2020 -- 03:21:38 - <Info> -- Modified 0 rules.
2/12/2020 -- 03:21:38 - <Info> -- Dropped 0 rules.
2/12/2020 -- 03:21:38 - <Info> -- Enabled 145 rules for flowbit dependencies.
2/12/2020 -- 03:21:38 - <Info> -- Backing up current rules.
2/12/2020 -- 03:21:40 - <Info> -- Writing rules to C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\var\lib\suricata\rules\suricata.rules: total: 28589; enabled: 21202; added: 0; removed 0; modified: 14
2/12/2020 -- 03:21:40 - <Info> -- Writing C:\Users\phil\Downloads\suricata-v5.0.3-brimpre1.windows-amd64\suricata\var\lib\suricata\rules\classification.config
2/12/2020 -- 03:21:40 - <Info> -- Skipping test, disabled by configuration.
2/12/2020 -- 03:21:40 - <Info> -- Done.
@henridf: Do you know what to make of the message about "Last download less than 15 minutes ago. Not downloading..."? I literally ran it first thing after I unpacked the ZIP, so I'm not sure what it's comparing to. Maybe the timestamps of the files I just unpacked to the filesystem?
Yes, that is correct. The change in #57 addresses this.
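To make the "Last download less than 15 minutes ago" behaviour concrete, here is an added Python example (not code from build-suricata or suricata-update) that models the freshness check as a comparison against the cached tarball's modification time; the 15-minute window and the use of st_mtime are assumptions drawn from the log line above, and the scenario shows why a file that was just unpacked from a ZIP looks "fresh" even though nothing was downloaded.

```python
import os
import tempfile
import time

# Assumed freshness window: the updater skips a re-download when the cached
# tarball was modified less than 15 minutes ago (taken from the log message).
FRESH_WINDOW_SECONDS = 15 * 60


def should_download(cached_path, now=None, window=FRESH_WINDOW_SECONDS):
    """Return True when the cached rules file is absent or older than `window`.

    The age is derived from the file's modification time, not from any record
    of when a download actually happened, so any operation that gives the file
    a current mtime (extracting an archive, copying it) counts as "fresh".
    """
    if not os.path.exists(cached_path):
        return True
    now = time.time() if now is None else now
    age = now - os.stat(cached_path).st_mtime
    return age >= window


def demo():
    """Constructed scenario: a tarball that was just extracted versus one that
    is 20 minutes old. Returns (download_after_unpack, download_when_stale)."""
    with tempfile.TemporaryDirectory() as tmp:
        cached = os.path.join(tmp, "emerging.rules.tar.gz")
        with open(cached, "wb") as fh:
            fh.write(b"constructed placeholder, not a real rules tarball")
        # Just written/extracted: mtime is "now", so the updater would skip it.
        download_after_unpack = should_download(cached)
        # Push the mtime back 20 minutes: now the updater would download.
        old = time.time() - 20 * 60
        os.utime(cached, (old, old))
        download_when_stale = should_download(cached)
        return download_after_unpack, download_when_stale
```

On the VM in the comment above, the extracted tarball's mtime was the extraction time, which is why the first run reported a recent download.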