Get snort back and maintained!

sullrich

Sounds great.  Currently the only thing that needs fixing is the screen scraping code that extracts the version information.

There may or may not be another problem related to snort moving the download locations for the rules.  Basically all of the breakage has been due to Snort changing their download pages and html.  Maybe there is a cleaner way to glean this information from snort.org but I am not privy to it.

JustinHoMi

I believe the problem with the scraper is that snort.com was blocking whatever http referrer header was being sent by php. If you forge the referrer then the script works.

A bigger problem is that snort frequently fails to launch when it's started by php. I haven't looked into it yet, but the first thing I'd look at is the php timeout value.

I've also noticed that snort dies if you load too many rules. On my server if snort used more than 400 (or so) megs of ram then it would die before it finished initializing.

JustinHoMi

I fixed the issue with snort dying on startup. It was a bug in snort.xml that caused snort to start twice each time you saved a preference.

With that fixed, auto-update should work now.

FBI01

;D - well done. Will snort be included to the official list in the Packet Manager in 1.2.1 and/or 1.3 ?
What's to do including ist manually ? Please post a well known and working link to a working list or discribe the steps - Thanks !!!

FBI01

JustinHoMi

I found yet another bug related to auto-update (that makes four). I don't know how this package ever worked!

I'll post the code as soon as I get through all these little bugs.

Guest

First off, Justin, thank you very much for working on this project!  Your efforts will be greatly appreciated.  I'm going to move this thread to Packages now because this doesn't fit the "bounty" criteria.  Even so, I certainly hope that all the people who have been complaining about the snort package will find it in their hearts to paypal you some money for your efforts.

serialdie

I am not a snort complainer but I would like to be a user… I wont mind giving out a small donation once is stable!
Thank You for your efforts!

cubert

Sorry went on Vacation last 4 days.. This is great news.. I look forward to seeing and helping get tis fixed.

aven

Anyone try snort2pfsense? http://www.bellera.cat/josep/snort2pfsense/

It looks like it will work with snort on a seperate server and SSH into the pfsense box… I am having trouble getting it to work.

Are there any other alternatives to Snort? I'd hate to have to manually check logs for suspicious activity just to find out someones trying to attack my servers...

ccnet

What troubles ? I'm also interesting to snort2pfsense.

lordarcane

Snort works like a charm on pfsense 1.2.1 rc2. The whole 1.2.1 rc2 is a great release and I now run that with snort, squid/squidguard/lightsquid

Try it out!