snort
-
Good Morning !
I could not identify the error related to snort parameter content_group_process_client_352
,,_ -> Snort! <-
o" )~ Version 2.9.19 GRE (Build 85) FreeBSD
'''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.10.1
Using PCRE version: 8.45 2021-06-15
Using ZLIB version: 1.2.11screenshot
-
-
This is a harmless error. It means there is a mismatch between the name of an AppID entry as used in a text rule compared to the name in the OpenAppID stub detectors.
This is a consequence of the fact the OpenAppID text rules have not been maintained by the original developer. You can manually
grep
through the various configuration files in the OpenAppID subsystem to identify the problem areas and fix them if desired.Sorry to say that more and more problems like this are going to crop up in OpenAppID for the Snort 2.9.x branch as the upstream Snort folks have concentrated all their efforts on the Snort3 branch. There is no Snort3 package for pfSense, and currently there is no plan to produce one. You may want to consider Suricata at some point, but there is no equivalent of OpenAppID in Suricata yet.