Snort 2.9.2.3 pkg v. 2.5.4 killed by World of Tanks
-
A load-based bug is going to perhaps be difficult to find. Are you up to building a separate FreeBSD 8.1 virtual machine (or actual box) and run the traffic through it in just pure sniffing mode? Take pfSense out of the mix and maybe just do alerting on a clean FreeBSD 8.1 kernel. If that crashes, then try the 8.2 kernel. Other options are the Snort 2.9.4.1 binary on the 8.1 or 8.2 kernels. There are compilation instructions for Snort on FreeBSD posted on the Snort.org web site (in the documentation section).
Bill
-
Yes, exactly. Get the "independent" sniffing mode working and then see what can be done for pfSense.
-
I updated the binary to snort 2.4.9.1 so try with that.
-
I'll wait a couple of hours such that the repository is udpated && then I'll update.
-
Not sure if this is a snort binary update timing issue or not. The package installation fails on amd64, 2.0.2 This from the install packages window
Beginning package installation for snort…
Downloading package configuration file... done.
Saving updated package information... done.
Downloading snort and its dependencies...
Checking for package installation...
Downloading http://files.pfsense.org/packages/amd64/8/All/mysql-client-5.1.68.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/mysql-client-5.1.68.tbz.
of mysql-client-5.1.68 failed!Installation aborted.Backing up libraries..
-
Heh that was fast.
The binaries are being built they will be uploaded shortly. -
having some rules issues
snort[67221]: FATAL ERROR: The dynamic detection library "/usr/local/lib/snort/dynamicrules/web-misc.so" version 1.0 compiled with dynamic engine library version 1.15 isn't compatible with the current dynamic engine library "/usr/local/lib/snort/dynamicengine/libsf_engine.so" version 1.17.
-
Not sure if this is a snort binary update timing issue or not. The package installation fails on amd64, 2.0.2 This from the install packages window
Beginning package installation for snort…
Downloading package configuration file... done.
Saving updated package information... done.
Downloading snort and its dependencies...
Checking for package installation...
Downloading http://files.pfsense.org/packages/amd64/8/All/mysql-client-5.1.68.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/mysql-client-5.1.68.tbz.
of mysql-client-5.1.68 failed!Installation aborted.Backing up libraries..
I am still having the same exact issue with installing/upgrading SNORT.
-
Don't know if its on propose I looked and the path http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/ is missing
In this path http://files.pfsense.org/packages/8/All/mysql-client-5.1.68.tbz the file is missing.
-
I update my snort package to 2.9.4.1 pkg v. 2.5.4.
It is now running fine for 2 days and hasn't crashed a single time. I am using a limited set of ET rules only, so I don't have the problems related to so rules.