Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort-dev has been released. old snort has been renamed snort-old

    Scheduled Pinned Locked Moved pfSense Packages
    50 Posts 20 Posters 18.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      jamesdean
      last edited by

      Post issues if you find any.  ;D

      1; IE 8 stalls when downloading rules.

      2: /var/run/snort needs a cron job to watch the size and delete if it gets full.

      Snort-dev has been released. old snort has been renamed snort-old.

      TODO: for next release

      Add user suggested improvements.
      Test snort on all major browsers and OS's and adjust code.
      Add a cron job to remove /var/log/snort when it gets too full.
      Add IP spoofing tab
      Add threshold tab
      Add user upload tab.
      add nanobsd code.

      James

      1 Reply Last reply Reply Quote 0
      • K Offline
        keeper 0
        last edited by

        Thanks James for your work.

        More power.

        1 Reply Last reply Reply Quote 0
        • S Offline
          simby
          last edited by

          Jamesdean, thanks for all your support and work on this snort. you are awsom!!

          1 Reply Last reply Reply Quote 0
          • N Offline
            netmethods
            last edited by

            Thank you James! Great work! Running 1.19 on 1.2.3-RELEASE in a HA config with no issues other than a little threshold tuning. GUI looks great and everything works like it should. Thank you again!

            2x Nexcom 1088n8 in HA config
            2.4 GHz Quad Core / 4GB DDR2 / SATAII 160GB / 4x1GB Intel module

            1 Reply Last reply Reply Quote 0
            • P Offline
              pmb1010
              last edited by

              @jamesdean:

              1; IE 8 stalls when downloading rules.

              More feedback - my IE8 D/L issue might be isolated. I had another setup sucessfully work controlled by IE8.

              1 Reply Last reply Reply Quote 0
              • M Offline
                mentalhemroids
                last edited by

                Thanks for all your help JamesDean!  I will say that I am still having Snort issues, but I'm going have to do another clean 1.2.3 install and see what happens.  I've loved using Snort, so I hope I can continue to.

                1 Reply Last reply Reply Quote 0
                • L Offline
                  lightenup
                  last edited by

                  Sweet! Thanks for all the great work on this package! I just installed the new version however I dont see where you can add adutional config options, it used to have a GUI section for custom options that would add <configpassthru>and <snortbarnyardlog_database>.

                  LiGHT</snortbarnyardlog_database></configpassthru>

                  1 Reply Last reply Reply Quote 0
                  • L Offline
                    lightenup
                    last edited by

                    Humm…  Im also missing the rule editor. Is this in the new version as well? Perhaps my install went bad at some point.

                    LiGHT

                    1 Reply Last reply Reply Quote 0
                    • L Offline
                      lightenup
                      last edited by

                      Never mind my previous posts, I went into my /cf/conf/config.xml and removed all traces of the snort package, reinstalled and everything is looking NICE! Good job on this package folks!

                      LiGHT

                      1 Reply Last reply Reply Quote 0
                      • T Offline
                        tester_02
                        last edited by

                        Bad day so far.  I thought this would be easy install from the last dev to the release.  I uninstalled the last dev release and rebooted (I always like a clean boot).  Then pfsense (1.2.3)failed to respond.  I am guessing squid/squidguard, although I did notice the webconfigurator failed to start.
                        I could not browse into the pfsense box, but I could ssh in.
                        I needed it back in a hurry and after 30 minutes I could not figure it out.  So fresh install and restore and I am back up and running.  Maybe the next machine I'll skip the reboot process :)
                          Just my warning….

                        1 Reply Last reply Reply Quote 0
                        • N Offline
                          netmethods
                          last edited by

                          tester_02

                          It might've been easier to just reinstall the upgrade from ssh so you didn't have to reconfigure. This happened to me a little bit ago, but wasn't snort related.

                          -J

                          2x Nexcom 1088n8 in HA config
                          2.4 GHz Quad Core / 4GB DDR2 / SATAII 160GB / 4x1GB Intel module

                          1 Reply Last reply Reply Quote 0
                          • T Offline
                            tester_02
                            last edited by

                            I remember some posts on how to do it, but I could not get on the net easily and browse here to find the commands to do it.  It was easier to install and import config than to get on the net to find out how.  freebsd newb here.

                            Got a new reinstall down to 1/2 hour with everything back to normal.  Good thing I've remembered to export any changes :)

                            1 Reply Last reply Reply Quote 0
                            • V Offline
                              vito
                              last edited by

                              Hi JamesDean,
                              I just did an upgrade from what was "old-Snort" to the latest version.
                              In the some where during the upgrade i got this error

                              Fatal error: Cannot redeclare sync_package_snort_reinstall() (previously declared in /usr/local/pkg/snort.inc:46) in /usr/local/pkg/snort/snort.inc on line 323

                              The upgrade froze, so i did the upgrade again and it seemed to install ok.

                              I need to reset up Snort at this point so i do not have any useful feed back yet
                              But i do have a GUI issue See screen shot
                              Thanks for your help

                              running PF 1.2.3 FULL
                              tested on FF3.6.2 and IE 8

                              ![4-1-2010 10-11-57 PM.png](/public/imported_attachments/1/4-1-2010 10-11-57 PM.png)
                              ![4-1-2010 10-11-57 PM.png_thumb](/public/imported_attachments/1/4-1-2010 10-11-57 PM.png_thumb)
                              ![4-1-2010 10-12-57 PM.png](/public/imported_attachments/1/4-1-2010 10-12-57 PM.png)
                              ![4-1-2010 10-12-57 PM.png_thumb](/public/imported_attachments/1/4-1-2010 10-12-57 PM.png_thumb)

                              1 Reply Last reply Reply Quote 0
                              • N Offline
                                netmethods
                                last edited by

                                Just tried to run the update manually and it seems to stuck on clean up process.

                                When checking the logs, I see this twice:
                                snort[45846]: Could not remove pid file /var/run//snort_em19121_em1.pid: Permission denied

                                I'm guessing this has something to do with the snort account permissions on the files/folder? Unfortunately, I'm still fairly new to using the CLI on FreeBSD and Linux, etc and not sure how to fix this.

                                2x Nexcom 1088n8 in HA config
                                2.4 GHz Quad Core / 4GB DDR2 / SATAII 160GB / 4x1GB Intel module

                                1 Reply Last reply Reply Quote 0
                                • S Offline
                                  simby
                                  last edited by

                                  @tester_02:

                                  Bad day so far.  I thought this would be easy install from the last dev to the release.  I uninstalled the last dev release and rebooted (I always like a clean boot).  Then pfsense (1.2.3)failed to respond.  I am guessing squid/squidguard, although I did notice the webconfigurator failed to start.
                                  I could not browse into the pfsense box, but I could ssh in.
                                  I needed it back in a hurry and after 30 minutes I could not figure it out.  So fresh install and restore and I am back up and running.  Maybe the next machine I'll skip the reboot process :)
                                    Just my warning….

                                  I have the same problem!! Fresh install :)

                                  1 Reply Last reply Reply Quote 0
                                  • J Offline
                                    jamesdean
                                    last edited by

                                    @netmethods:

                                    Just tried to run the update manually and it seems to stuck on clean up process.

                                    When checking the logs, I see this twice:
                                    snort[45846]: Could not remove pid file /var/run//snort_em19121_em1.pid: Permission denied

                                    I'm guessing this has something to do with the snort account permissions on the files/folder? Unfortunately, I'm still fairly new to using the CLI on FreeBSD and Linux, etc and not sure how to fix this.

                                    One low end systems cleanup may take a few minutes.
                                    "snort_em19121_em1.pid" has nothing to do with updates.

                                    I'll review the code but its working for me on firefox.

                                    Maybe its a IE thing I have to workout.

                                    Are you on nanobsd ?

                                    What browser and pfsense version are you using ?

                                    james

                                    1 Reply Last reply Reply Quote 0
                                    • J Offline
                                      jamesdean
                                      last edited by

                                      @simby:

                                      @tester_02:

                                      Bad day so far.  I thought this would be easy install from the last dev to the release.  I uninstalled the last dev release and rebooted (I always like a clean boot).  Then pfsense (1.2.3)failed to respond.  I am guessing squid/squidguard, although I did notice the webconfigurator failed to start.
                                      I could not browse into the pfsense box, but I could ssh in.
                                      I needed it back in a hurry and after 30 minutes I could not figure it out.  So fresh install and restore and I am back up and running.  Maybe the next machine I'll skip the reboot process :)
                                       Just my warning….

                                      I have the same problem!! Fresh install :)

                                      I think I know whats wrong. I am unistalling mysql and perl. I fix it in a bit.

                                      James

                                      1 Reply Last reply Reply Quote 0
                                      • C Offline
                                        ColdFusion
                                        last edited by

                                        Anyone else missing the rules category Tab?…...All other Tabs are there including rules update and downloaded rules went ok.
                                        Ver. 2.8.5.3 pkg v. 1.19

                                        1 Reply Last reply Reply Quote 0
                                        • V Offline
                                          vito
                                          last edited by

                                          @ColdFusion:

                                          Anyone else missing the rules category Tab?…...All other Tabs are there including rules update and downloaded rules went ok.
                                          Ver. 2.8.5.3 pkg v. 1.19

                                          This is the first time i am using the new package, so i am not sure if it should be somewhere else…
                                          But i do have a category tab on the interface

                                          1 Reply Last reply Reply Quote 0
                                          • J Offline
                                            jamesdean
                                            last edited by

                                            @vito:

                                            @ColdFusion:

                                            Anyone else missing the rules category Tab?…...All other Tabs are there including rules update and downloaded rules went ok.
                                            Ver. 2.8.5.3 pkg v. 1.19

                                            This is the first time i am using the new package, so i am not sure if it should be somewhere else…
                                            But i do have a category tab on the interface

                                            @anyone having troubles with the new package
                                            Tracked the problems to the old-snort.
                                            Seems old-snort is not uninstalling completely and is conflicting with the new install.
                                            Do a fresh install, sorry I didn't see this coming.

                                            James

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.