Netgate Discussion Forum

    Snort-dev ready for testing. Post issues here.

      digdug3

      @SectorNine50:

      This is really unimportant, but…

      Is there any chance you can add a /snort/index.php that redirects to the /index.php for pfSense?

      Every time I'm in snort and I want to get back to my dashboard, I click the pfSense logo and get a "404 Not Found" error because the browser wants to stay in the /snort/ directory...

      I guess I could do it myself, but figured it'd be nice to have in the package! :)

      Doesn't this only happen when you have the widescreen package installed?

        Cino

        @digdug3:

        @SectorNine50:

        This is really unimportant, but…

        Is there any chance you can add a /snort/index.php that redirects to the /index.php for pfSense?

        Every time I'm in snort and I want to get back to my dashboard, I click the pfSense logo and get a "404 Not Found" error because the browser wants to stay in the /snort/ directory...

        I guess I could do it myself, but figured it'd be nice to have in the package! :)

        Doesn't this only happen when you have the widescreen package installed?

        I think you're right. Works fine on 2.1 right now.

          SectorNine50

          @digdug3:

          Doesn't this only happen when you have the widescreen package installed?

          Ah okay good to know!  Thanks.

            judex

            Snort-dev seems to lose blocked hosts on 2.0.1 amd64.
            My blocking time is set to 3 hours. A host gets blocked correctly when a matching rule fires. Sometimes this host gets out of the snort2c table even if there were multiple new alerts from the same host meanwhile. So it also seems that the remaining blocking time does not get updated after a new alert.

            Greets, Judex

            2.1-RELEASE (amd64)
            built on Wed Sep 11 18:17:48 EDT 2013
            FreeBSD 8.3-RELEASE-p11

              judex

              It seems that snort-dev shuts down on the first alert after an automatic rule update. I observed that at least twice.

              Here's the log:

              Jun 29 00:10:07 gatekeeper snort[62591]: FATAL ERROR: s2c_pf_block() => ioctl() DIOCRADDADDRS: Bad file descriptor
              Jun 29 00:10:07 gatekeeper kernel: em1: promiscuous mode disabled

              2.1-RELEASE (amd64)
              built on Wed Sep 11 18:17:48 EDT 2013
              FreeBSD 8.3-RELEASE-p11

                Cino

                @judex:

                It seems that snort-dev shuts down on the first alert after an automatic rule update. I observed that at least twice.

                Here's the log:

                Jun 29 00:10:07 gatekeeper snort[62591]: FATAL ERROR: s2c_pf_block() => ioctl() DIOCRADDADDRS: Bad file descriptor
                Jun 29 00:10:07 gatekeeper kernel: em1: promiscuous mode disabled

                I was testing whitelist changes today and enabled blocking; I'm seeing the same issues.

                Is there an issue with the pf patch that was applied?

                
                Jul 4 08:28:56 	snort[4839]: FATAL ERROR: s2c_pf_block() => ioctl() DIOCRADDADDRS: Inappropriate ioctl for device
                Jul 4 08:28:56 	snort[4839]: FATAL ERROR: s2c_pf_block() => ioctl() DIOCRADDADDRS: Inappropriate ioctl for device
                
                
                  dwood

                  Attempted snort-dev install on two amd64 boxes. Installation does not finish. It hangs at "loading package information".

                  Cheers,
                  Dennis.

                    judex

                    @dwood:

                    Attempted snort-dev install on two amd64 boxes. Installation does not finish. It hangs at "loading package information".

                    Cheers,
                    Dennis.

                    +1

                    2.1-RELEASE (amd64)
                    built on Wed Sep 11 18:17:48 EDT 2013
                    FreeBSD 8.3-RELEASE-p11

                      marcelloc

                      It seems like the PHP closure code that you used in the snort.inc file is compatible only with PHP 5.3 (pfSense 2.1):
                      $snort_calc_iface_subnet_list = function($int) use(&$home_net)

                      Starting package snort-dev…
                      Parse error: syntax error, unexpected T_FUNCTION in /usr/local/pkg/snort/snort.inc on line 183

                      Elite Training: http://sys-squad.com

                      Help a community developer! ;D

                        rcfa

                        I get this error:

                        Warning: file_get_contents(/var/log/snort/59183_lagg0/alert): failed to open stream: No such file or directory in /usr/local/www/snort/snort_alerts.php on line 396

                        when I go to the Alerts tab (Services : Snort : Snort Alerts)

                        Rules are downloaded successfully, WAN interface is enabled for snort, but it ain't running.

                        Any ideas?

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.