Snort Won't Start After Upgrade

NightHawk007

The next time everything runs properly (pfsense ,Snort) i am going to make a disk image . >:(

JSmorada

It would be nice if the snort package would be made available, even if it's unstable…with the disclaimer that it may break your system (just remember to back up your configuration, which I already do before applying any changes).

Volui

do not rush developers, it is IDS, they must be verified before release, it's my only view, anyway, waiting working SNORT!  :)

JSmorada

I'm fully aware of that and don't have a problem with the devs taking the time to  iron out the bugs, but it was working flawlessly on the previous RC builds and now it's totally disappeared. It would be nice to at least be able to follow the progress of the dev as a passive observer…

gnoel

@nipstech:

I'm fully aware of that and don't have a problem with the devs taking the time to  iron out the bugs, but it was working flawlessly on the previous RC builds and now it's totally disappeared. It would be nice to at least be able to follow the progress of the dev as a passive observer…

It wasn't working flawlessly, it was starting. Shared rules weren't functional, invalidating a whole bunch of other rules.

A Former User

@gnoel:

@nipstech:

I'm fully aware of that and don't have a problem with the devs taking the time to  iron out the bugs, but it was working flawlessly on the previous RC builds and now it's totally disappeared. It would be nice to at least be able to follow the progress of the dev as a passive observer…

It wasn't working flawlessly, it was starting. Shared rules weren't functional, invalidating a whole bunch of other rules.

Well it sure is not working now is it .Will it get fixed this year ????? >:( >:(

JSmorada

I have an idea…and this comment isn't directed toward anyone in particular...Why don't we stop the griping, whining and bitching and just let the dev's do their magic. No amount of complaining is gonna make a difference. It is what it is and none of us can do anything about it unless you're willing to back up your complaints and put your money where your mouth is with a bounty. Unfortunately, I can't afford to donate to the cause. So let's just be patient. I'm just gonna sit back and wait for snort to reappear on the package list.

Regards,
Jon

Cino

@nipstech:

I have an idea…and this comment isn't directed toward anyone in particular...Why don't we stop the griping, whining and bitching and just let the dev's do their magic. No amount of complaining is gonna make a difference. It is what it is and none of us can do anything about it unless you're willing to back up your complaints and put your money where your mouth is with a bounty. Unfortunately, I can't afford to donate to the cause. So let's just be patient. I'm just gonna sit back and wait for snort to reappear on the package list.

Regards,
Jon

+1

NightHawk007

@nipstech:

I have an idea…and this comment isn't directed toward anyone in particular...Why don't we stop the griping, whining and bitching and just let the dev's do their magic. No amount of complaining is gonna make a difference. It is what it is and none of us can do anything about it unless you're willing to back up your complaints and put your money where your mouth is with a bounty. Unfortunately, I can't afford to donate to the cause. So let's just be patient. I'm just gonna sit back and wait for snort to reappear on the package list.

Regards,
Jon

I would like to know why thye played with snort when it work fine with zero problems .Now we have guy telling us to keep our mouths shut!!! Why should we !!!!! Plus it is on the package list NOT WORKING why is it they not working …....

Gloom

@nipstech:

I have an idea…and this comment isn't directed toward anyone in particular...Why don't we stop the griping, whining and bitching and just let the dev's do their magic. No amount of complaining is gonna make a difference. It is what it is and none of us can do anything about it unless you're willing to back up your complaints and put your money where your mouth is with a bounty. Unfortunately, I can't afford to donate to the cause. So let's just be patient. I'm just gonna sit back and wait for snort to reappear on the package list.

Regards,
Jon

The problem is some of us work for organisations that mandate the use of IDS/IPS and basically I've had to shut PFSense down and stop all testing and go back to running full FreeBSD installs with snort. If we had some idea of the problem I'm sure some of us on here have the skills to assist.

cyber7

Agreed!

I also posted a comment regarding the status of SNORT.  All it would take is for the developer to post a quick update with an ETA.  This will stop all the posts, BUT… NOTHING!

Just my 10c

dzeanah

My point of view is a bit different.

pfSense is an amazingly competent product that's available for free.  The folks who've created this product are trying to turn it into a full-time gig by selling consulting and books, but for the most part we're seeing the contributions of volunteers.  Which includes the guy doing Snort integration.  I'd guess he's got a life outside of pfSense and his contributions here, and I'm sure he'll get things running again when he's able.

If you need and IDS up and running as part of your firewall distribution then you can get that.  Cisco, SonicWALL, and Juniper all have IDS systems you can subscribe to, for instance.  Of course, they're all quite expensive and run on pricey, proprietary hardware that requires upgrades every few years.  If you need it though, you can have it in-hand tomorrow.  For my needs I'd be looking at something like $3,000 for a SonicWALL 2400 with IDS and one year of maintenance, with $510 annually for the IDS renewal and $300 for the service contract extension.  Juniper is more, and Cisco is way more.

Instead I'm running on a $700 netgate solid state device with (currently non-functional) Snort.  I bought the documentation book for 1.2, and I'll buy the next one.  I sent the developer of the Snort package $50 with a note of thanks.  And I'm willing to be patient.

This is open source.  You can build it yourself, or you can wait for the guy who's devoting his time to solving your business problems to get the work complete, or you can pay for a service contract (possibly for another product.)

Darkk

Or post a bounty to get snort working if it's that important for the business.  I'm sure it'll help things along alot quicker.

Otherwise I'd be happy to wait.

Darkk

tester_02

Personally I think snort should be part of the main package.  To me pfsense is the main release + squid + squidguard + snort.  I just believe that part of the main development should be those packages integrated into the release.
  Beyond that, if this package is so critical to so many, why has nobody put up a bounty like others suggested.  I am also sure that the amount contributed to the snort developer is probably peanuts compared to the time he's put into this package.  I am sure more of an incentive to keep it going would not hurt.
  As just a home user I've donated my $50 in the past (and probably should do more when the next release comes out), as well as offered money for bounties when I can.  For people complaining that their company need it, I think the amount should be much more.  Your business is operating on free software, contribute to it, or it will stop being developed.  Complain when you have to spend thousands on proprietary software with yearly fees, instead of living off free software.  It's not really free, as the developers spend their time working on it for nothing.  Donated a few dollars per year, it's worth the rewards when you get software like pfsense (watch the other distros with no support fall off over the years or move strictly into pay systems and you will know how good this really is).

That's all I have to say on the topic….

jamesdean

Update….

I am pretty much done with every thing, GUI wise. New snort binaries are building right now, that is a relief.

Only 2 things left to do...

1. create snortsam GUI.

2. create snortsam/snort/barnyard2 startup scripts.

I been stuck on creating a way to manage the snortsam block sid rule sets and saving user changes to said blocked sids.
You guys/girls have to realize there are 30,000 snort/emeging rule block sids and I have to make sure your saved settings are saved and displayed correctly as fast as possible.

Side note: I am always happy when you guys care enough to complain. Makes me feel my work on the GUI and the forums is useful to you.
I understand you guys bothered, but snort is working on pfsense 1.2.3 and the removal of the old snort version from 2.0 could not be helped.
Moreover, I understand the urgency and I am working as fast as possible with the limited amount of time I have. (personal life, work, paid projects etc...)

I am not giving you an a date on release to beta, just know I am close.

follow my progress
https://github.com/robiscool

Thanks
Robert

cyber7

Hi Robert.
Actually, it is very true what you say.  The reason people (including myself!) are complaining is because your work is so very important in the entire release of pfSense that without your contribution, the firewall is reasoned lacking.  (In other words, without Snort, pfSense just won't do!)

I thank you for your update.  I believe most people (if not all) have been put to rest seeing that you are putting so much effort into Snort.

Kind regards
Aubrey Kloppers
Cape Town
South Africa

Cino

Robert,

Keep up the good work man! From what i've seen, the new package looks really awesome! Looking forward to beta testing when that time comes..

Darkk

Awesome!! Looking forward to it.

Darkk

NightHawk007

I am glad my standby utm software still works on my hardware . I hope you guys tell us when the beta is ready to go ..

seattle-it

Segfaults for me on an AMD64 box when started from a shell .. looks as if progress is being made though, keep @ it Jamesdean ;)