Netgate Discussion Forum

    Snort 2.9.4.1 pkg v. 2.5.6 Issue(s)

    • gogol

      @bmeeks:

      FYI.  Just submitted the Pull Request on Github for Ermal and the pfSense team to review and approve.  This request updates the Snort package to 2.5.7 and contains a number of bug fixes for the issues reported in this thread along with several enhancements and new features.  This is a GUI update only.  The underlying Snort binary itself remains at 2.9.4.1.

      Here is a link to the Pull Request:  https://github.com/pfsense/pfsense-packages/pull/433

      Once approved by the pfSense team and merged into the master repository, the update will appear on your Installed Packages tab as 2.5.7.  When it is merged, I will open a new thread containing the Change Log.

      Bill

      Great job again Bill, I have no reason to start a new topic with 2.5.7 issues yet. I have it running!

      • RonpfS

        pfSense 2.0.3 x86 fresh install with 2.0.1 config restored,
        which gives me Snort 2.9.4.1 pkg v. 2.5.6
        pfsense_ng Theme

        I don't think it's a cache problem; I tried with Chrome instead of FF and the same thing happens.
        Go to the Services/Snort page and the logo points to https://xxxxx/snort/index.php

        Really not a big issue, just annoying  ::)

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        • Supermule

          can you test without a restore??

          Mine is pointing to https://xxxxx/index.php

          • RonpfS

            @Supermule:

            can you test without a restore??

            Mine is pointing to https://xxxxx/index.php

            I could, that means doing a fresh install from scratch on another disk,
            doing a manual config, installing snort etc ….
            I might  :-\

            • Supermule

              Could be the restore causing issues. Why, I don't know, but mine hasn't been restored but built from scratch…

              • RonpfS

                I guess building from scratch would gimme the same results as you.
                I only have one system so if I find a few hours to spare I might do that.

                • RonpfS

                  I reported it a year ago, don't remember where …
                  Here is another related one http://forum.pfsense.org/index.php/topic,61033.0.html
                  and http://forum.pfsense.org/index.php/topic,36309.0.html ... I guess a search should highlight the prob  ;)

                  • Supermule

                    Cannot restart it from Services widget as stated.

                    Apr 26 09:51:11 snort[38724]: Could not remove pid file /var/run/snort_em036256.pid: No such file or directory
                    Apr 26 09:51:11 snort[38724]: Could not remove pid file /var/run/snort_em036256.pid: No such file or directory
                    Apr 26 09:51:11 kernel: em0: promiscuous mode disabled
                    Apr 26 09:51:11 snort[38724]: *** Caught Term-Signal
                    Apr 26 09:51:11 snort[38724]: *** Caught Term-Signal
                    Apr 26 09:51:10 SnortStartup[17481]: Snort STOP for Internet(36256_em0)…
                    Apr 26 09:51:07 snort[40003]: *** Caught Term-Signal
                    Apr 26 09:51:07 snort[40003]: *** Caught Term-Signal
                    Apr 26 09:51:06 SnortStartup[62588]: Snort STOP for Internet(36256_em0)…
                    Apr 26 09:51:02 php: /snort/snort_preprocessors.php: [Snort] Building new sig-msg.map file for WAN…
                    Apr 26 09:50:58 php: /snort/snort_preprocessors.php: [Snort] Enabling any flowbit-required rules for: WAN…
                    Apr 26 09:50:54 php: /snort/snort_preprocessors.php: [Snort] Updating rules configuration for: WAN …

                    Has to go into services -> Snort to do it.

                    Apr 26 09:54:22 php: /snort/snort_interfaces.php: Snort START for Internet(em0)...
                    Apr 26 09:52:57 kernel: em0: promiscuous mode enabled
                    Apr 26 09:52:57 SnortStartup[61780]: Snort START for Internet(36256_em0)…
                    Apr 26 09:52:41 php: /snort/snort_interfaces.php: [Snort] Building new sig-msg.map file for WAN…
                    Apr 26 09:52:39 php: /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: WAN…
                    Apr 26 09:52:37 php: /snort/snort_interfaces.php: [Snort] Updating rules configuration for: WAN …
                    Apr 26 09:52:37 php: /snort/snort_interfaces.php: Toggle (snort starting) for WAN(em0)...

                    • kilthro

                      @bmeeks:

                      FYI.  Just submitted the Pull Request on Github for Ermal and the pfSense team to review and approve.  This request updates the Snort package to 2.5.7 and contains a number of bug fixes for the issues reported in this thread along with several enhancements and new features.  This is a GUI update only.  The underlying Snort binary itself remains at 2.9.4.1.

                      Here is a link to the Pull Request:  https://github.com/pfsense/pfsense-packages/pull/433

                      Once approved by the pfSense team and merged into the master repository, the update will appear on your Installed Packages tab as 2.5.7.  When it is merged, I will open a new thread containing the Change Log.

                      Bill

                      Excellent work Bill, thanks!

                      • bmeeks

                        @Supermule:

                        Cannot restart it from Services widget as stated.

                        Apr 26 09:51:11 snort[38724]: Could not remove pid file /var/run/snort_em036256.pid: No such file or directory
                        Apr 26 09:51:11 snort[38724]: Could not remove pid file /var/run/snort_em036256.pid: No such file or directory
                        Apr 26 09:51:11 kernel: em0: promiscuous mode disabled
                        Apr 26 09:51:11 snort[38724]: *** Caught Term-Signal
                        Apr 26 09:51:11 snort[38724]: *** Caught Term-Signal
                        Apr 26 09:51:10 SnortStartup[17481]: Snort STOP for Internet(36256_em0)…
                        Apr 26 09:51:07 snort[40003]: *** Caught Term-Signal
                        Apr 26 09:51:07 snort[40003]: *** Caught Term-Signal
                        Apr 26 09:51:06 SnortStartup[62588]: Snort STOP for Internet(36256_em0)…
                        Apr 26 09:51:02 php: /snort/snort_preprocessors.php: [Snort] Building new sig-msg.map file for WAN…
                        Apr 26 09:50:58 php: /snort/snort_preprocessors.php: [Snort] Enabling any flowbit-required rules for: WAN…
                        Apr 26 09:50:54 php: /snort/snort_preprocessors.php: [Snort] Updating rules configuration for: WAN …

                        Has to go into services -> Snort to do it.

                        Apr 26 09:54:22 php: /snort/snort_interfaces.php: Snort START for Internet(em0)...
                        Apr 26 09:52:57 kernel: em0: promiscuous mode enabled
                        Apr 26 09:52:57 SnortStartup[61780]: Snort START for Internet(36256_em0)…
                        Apr 26 09:52:41 php: /snort/snort_interfaces.php: [Snort] Building new sig-msg.map file for WAN…
                        Apr 26 09:52:39 php: /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: WAN…
                        Apr 26 09:52:37 php: /snort/snort_interfaces.php: [Snort] Updating rules configuration for: WAN …
                        Apr 26 09:52:37 php: /snort/snort_interfaces.php: Toggle (snort starting) for WAN(em0)...

                        I will check on this. I'm pretty sure that during my testing runs yesterday with 2.5.7 I started Snort from the Service widget, but I will try again.

                        Is this problem happening on 2.0.3 or 2.1-BETA?

                        Bill

                        • bmeeks

                          @RonpfS:

                          One little issue still present for ages is that when you are in the Snort pages,
                          if you click on the pfsense top left logo you end up with 404 - Not Found
                          because  the link points to https://xxxxx/snort/index.php instead of https://xxxxx/index.php on any other pages.

                          I can't replicate that behavior on my test VMs.  It could very well be something held over during upgrades.  I'll see if I can research history a bit and identify a possible fix for you.  As several others have posted that they do not have the issue, I do think it is something hanging around in your specific configuration someplace.

                          Bill

                          • kilthro

                            I haven't experienced this either..

                            Bill, the update went fine and everything restarted and is running like it should. :-D Moving over to the new thread now to follow.
