Snort-dev has been released. old snort has been renamed snort-old

jamesdean

Post issues if you find any. ;D

1; IE 8 stalls when downloading rules.

2: /var/run/snort needs a cron job to watch the size and delete if it gets full.

Snort-dev has been released. old snort has been renamed snort-old.

TODO: for next release

Add user suggested improvements.
Test snort on all major browsers and OS's and adjust code.
Add a cron job to remove /var/log/snort when it gets too full.
Add IP spoofing tab
Add threshold tab
Add user upload tab.
add nanobsd code.

James

keeper 0

Thanks James for your work.

More power.

simby

Jamesdean, thanks for all your support and work on this snort. you are awsom!!

netmethods

Thank you James! Great work! Running 1.19 on 1.2.3-RELEASE in a HA config with no issues other than a little threshold tuning. GUI looks great and everything works like it should. Thank you again!

pmb1010

@jamesdean:

1; IE 8 stalls when downloading rules.

More feedback - my IE8 D/L issue might be isolated. I had another setup sucessfully work controlled by IE8.

mentalhemroids

Thanks for all your help JamesDean! I will say that I am still having Snort issues, but I'm going have to do another clean 1.2.3 install and see what happens. I've loved using Snort, so I hope I can continue to.

lightenup

Sweet! Thanks for all the great work on this package! I just installed the new version however I dont see where you can add adutional config options, it used to have a GUI section for custom options that would add <configpassthru>and <snortbarnyardlog_database>.

LiGHT</snortbarnyardlog_database></configpassthru>

lightenup

Humm… Im also missing the rule editor. Is this in the new version as well? Perhaps my install went bad at some point.

LiGHT

lightenup

Never mind my previous posts, I went into my /cf/conf/config.xml and removed all traces of the snort package, reinstalled and everything is looking NICE! Good job on this package folks!

LiGHT

tester_02

Bad day so far. I thought this would be easy install from the last dev to the release. I uninstalled the last dev release and rebooted (I always like a clean boot). Then pfsense (1.2.3)failed to respond. I am guessing squid/squidguard, although I did notice the webconfigurator failed to start.
I could not browse into the pfsense box, but I could ssh in.
I needed it back in a hurry and after 30 minutes I could not figure it out. So fresh install and restore and I am back up and running. Maybe the next machine I'll skip the reboot process :)
Just my warning….

netmethods

tester_02

It might've been easier to just reinstall the upgrade from ssh so you didn't have to reconfigure. This happened to me a little bit ago, but wasn't snort related.

-J

tester_02

I remember some posts on how to do it, but I could not get on the net easily and browse here to find the commands to do it. It was easier to install and import config than to get on the net to find out how. freebsd newb here.

Got a new reinstall down to 1/2 hour with everything back to normal. Good thing I've remembered to export any changes :)

vito

Hi JamesDean,
I just did an upgrade from what was "old-Snort" to the latest version.
In the some where during the upgrade i got this error

Fatal error: Cannot redeclare sync_package_snort_reinstall() (previously declared in /usr/local/pkg/snort.inc:46) in /usr/local/pkg/snort/snort.inc on line 323

The upgrade froze, so i did the upgrade again and it seemed to install ok.

I need to reset up Snort at this point so i do not have any useful feed back yet
But i do have a GUI issue See screen shot
Thanks for your help

running PF 1.2.3 FULL
tested on FF3.6.2 and IE 8

![4-1-2010 10-11-57 PM.png](/public/imported_attachments/1/4-1-2010 10-11-57 PM.png)
![4-1-2010 10-11-57 PM.png_thumb](/public/imported_attachments/1/4-1-2010 10-11-57 PM.png_thumb)
![4-1-2010 10-12-57 PM.png](/public/imported_attachments/1/4-1-2010 10-12-57 PM.png)
![4-1-2010 10-12-57 PM.png_thumb](/public/imported_attachments/1/4-1-2010 10-12-57 PM.png_thumb)

netmethods

Just tried to run the update manually and it seems to stuck on clean up process.

When checking the logs, I see this twice:
snort[45846]: Could not remove pid file /var/run//snort_em19121_em1.pid: Permission denied

I'm guessing this has something to do with the snort account permissions on the files/folder? Unfortunately, I'm still fairly new to using the CLI on FreeBSD and Linux, etc and not sure how to fix this.

simby

@tester_02:

Bad day so far. I thought this would be easy install from the last dev to the release. I uninstalled the last dev release and rebooted (I always like a clean boot). Then pfsense (1.2.3)failed to respond. I am guessing squid/squidguard, although I did notice the webconfigurator failed to start.
I could not browse into the pfsense box, but I could ssh in.
I needed it back in a hurry and after 30 minutes I could not figure it out. So fresh install and restore and I am back up and running. Maybe the next machine I'll skip the reboot process :)
Just my warning….

I have the same problem!! Fresh install :)

jamesdean

@netmethods:

Just tried to run the update manually and it seems to stuck on clean up process.

When checking the logs, I see this twice:
snort[45846]: Could not remove pid file /var/run//snort_em19121_em1.pid: Permission denied

I'm guessing this has something to do with the snort account permissions on the files/folder? Unfortunately, I'm still fairly new to using the CLI on FreeBSD and Linux, etc and not sure how to fix this.

One low end systems cleanup may take a few minutes.
"snort_em19121_em1.pid" has nothing to do with updates.

I'll review the code but its working for me on firefox.

Maybe its a IE thing I have to workout.

Are you on nanobsd ?

What browser and pfsense version are you using ?

james

jamesdean

@simby:

@tester_02:

Bad day so far. I thought this would be easy install from the last dev to the release. I uninstalled the last dev release and rebooted (I always like a clean boot). Then pfsense (1.2.3)failed to respond. I am guessing squid/squidguard, although I did notice the webconfigurator failed to start.
I could not browse into the pfsense box, but I could ssh in.
I needed it back in a hurry and after 30 minutes I could not figure it out. So fresh install and restore and I am back up and running. Maybe the next machine I'll skip the reboot process :)
Just my warning….

I have the same problem!! Fresh install :)

I think I know whats wrong. I am unistalling mysql and perl. I fix it in a bit.

James

ColdFusion

Anyone else missing the rules category Tab?…...All other Tabs are there including rules update and downloaded rules went ok.
Ver. 2.8.5.3 pkg v. 1.19

vito

@ColdFusion:

Anyone else missing the rules category Tab?…...All other Tabs are there including rules update and downloaded rules went ok.
Ver. 2.8.5.3 pkg v. 1.19

This is the first time i am using the new package, so i am not sure if it should be somewhere else…
But i do have a category tab on the interface

jamesdean

@vito:

@ColdFusion:

Anyone else missing the rules category Tab?…...All other Tabs are there including rules update and downloaded rules went ok.
Ver. 2.8.5.3 pkg v. 1.19

This is the first time i am using the new package, so i am not sure if it should be somewhere else…
But i do have a category tab on the interface

@anyone having troubles with the new package
Tracked the problems to the old-snort.
Seems old-snort is not uninstalling completely and is conflicting with the new install.
Do a fresh install, sorry I didn't see this coming.

James