Snot not starting: Invalid argument to 'server_flow_depth'.

Supermule

Sounds like a plan Bill!!

AhnHEL

Off topic Bill, but have you seen the Community Rules feature that Snort has just implemented?

http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Snort+%28Snort%29

Supermule

Thats a brilliant idea!!

bmeeks

@AhnHEL:

Off topic Bill, but have you seen the Community Rules feature that Snort has just implemented?

http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Snort+%28Snort%29

Interesting concept, indeed!  I had seen a reference to it in the recent past, but did not read up on the details.  Sounds like some direct competition for the Emerging Threats rules… ;)

I see no reason this could not be incorporated into the Snort package.  Need a little time to experiment with it and see how to integrate it without breaking the current VRT and Emerging Threats.  I have some other updates to the GUI in the works at the moment to address known issues.  Once those are released, then I can look at incorporating the Snort Community Rules.

Bill

awsiemieniec

When it comes time for testing I can contribute the "idiots guide" approach for ya'll.  :P

AhnHEL

@bmeeks:

Once those are released, then I can look at incorporating the Snort Community Rules.

Awesome, thank you.

Supermule

Me to :D

@awsiemieniec:

When it comes time for testing I can contribute the "idiots guide" approach for ya'll.  :P

bmeeks

@AhnHEL:

Off topic Bill, but have you seen the Community Rules feature that Snort has just implemented?

http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Snort+%28Snort%29

FYI.  I now have this functionality working in my latest test build of the Snort GUI.  Hope to push the commit to Github soon for Ermal and the pfSense Core Team to look over.  Besides adding Snort GPLv2 Community Rules support, I've made the update process quite a bit more "robust" and added logging of the updates.  I also fixed that stubborn "greyed-out" button on the Updates tab for viewing the update logs.

I also found the cause of the Signal 11 exits with preprocessors enabled (specifically the http_inspect preprocessor).  It is a quirk in the PBI package and the way it creates symbolic links upon Snort installation on the 2.1-BETA platform.  I will try and figure out the correct lines to change in the PBI build script to correct this and submit those as well.

I've also tried my best to find all the "traps" in the code that were causing issues for users.  Turns out, upon close examination, there are several paths to a given final configuration, but some of those paths could be a source of future issues if taken out of a particular order.  That statement may not make perfect sense, but basically there were ways available in the GUI for an unsuspecting user to inadvertently shoot themselves in the foot.  I'm in my testing phase now trying about every scenario I can envision for adding, removing and editing interfaces and rule sets to Snort.  With each iteration, I'm trying to make sure you can't break it by doing stuff in the GUI.  This is the whole "adding intelligence to Snort" I spoke of in an earlier post.

Finally, I've made a couple of tweaks to the package reinstall process that I hope will prevent future broken installs.

Bill

awsiemieniec

Thanks Bill for your continued effort.

Aaron

AhnHEL

@bmeeks:

FYI.  I now have this functionality working in my latest test build of the Snort GUI.

Wow, that was fast Bill.  Excellent work, cant wait to try out all the new improvements.  Any idea when the 2.9.4.1 rules for registered users will be released?

bmeeks

@AhnHEL:

Any idea when the 2.9.4.1 rules for registered users will be released?

I would think 30 days past the first release of the 2.9.4.1 code base and its package.  Snort 2.9.4.1 was released on March 4, 2013.  So I expect the 2.9.4.1 rules to become available for free, registered users on April 4, 2013.

Bill

bmeeks

@AhnHEL:

@bmeeks:

FYI.  I now have this functionality working in my latest test build of the Snort GUI.

Wow, that was fast Bill.  Excellent work, cant wait to try out all the new improvements.

Here is a link to my Github repository showing my latest changes:

https://github.com/bmeeks8/pfsense-packages/commits/master

You can look at the Commit History.  Changes after March 22 have NOT yet been submitted to the pfSense team.  I hope to do that in a day or two.

Bill