Netgate Discussion Forum

    Snort Package Update 2.5.7 – Change Log

    pfSense Packages
      Supermule Banned

      I edit Snort Interface variables and go to Dashboard -> Services widget and press restart Snort.

      This happens

      Apr 26 13:32:45 SnortStartup[29810]: Snort STOP for Internet(9626_em0)…
      Apr 26 13:32:41 kernel: em0: promiscuous mode disabled
      Apr 26 13:32:41 snort[26004]: *** Caught Term-Signal
      Apr 26 13:32:41 snort[26004]: *** Caught Term-Signal
      Apr 26 13:32:40 SnortStartup[27109]: Snort STOP for Internet(9626_em0)…
      Apr 26 13:32:36 php: /snort/snort_preprocessors.php: [Snort] Building new sig-msg.map file for WAN…
      Apr 26 13:32:32 php: /snort/snort_preprocessors.php: [Snort] Enabling any flowbit-required rules for: WAN…
      Apr 26 13:32:28 php: /snort/snort_preprocessors.php: [Snort] Updating rules configuration for: WAN …
      Apr 26 13:32:28 check_reload_status: Syncing firewall

      Go to services -> Snort and it shows Snort is not running. I click the green button and get this:

      Last 500 system log entries
      Apr 26 13:37:30 php: /snort/snort_interfaces.php: Snort START for Internet(em0)...
      Apr 26 13:37:29 kernel: em0: promiscuous mode enabled
      Apr 26 13:35:43 php: /snort/snort_interfaces.php: [Snort] Building new sig-msg.map file for WAN…
      Apr 26 13:35:41 php: /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: WAN…
      Apr 26 13:35:39 php: /snort/snort_interfaces.php: [Snort] Updating rules configuration for: WAN …
      Apr 26 13:35:39 php: /snort/snort_interfaces.php: Toggle (snort starting) for WAN(em0)...
      Apr 26 13:35:23 kernel: em0: promiscuous mode disabled
      Apr 26 13:35:23 snort[43453]: *** Caught Term-Signal
      Apr 26 13:35:23 snort[43453]: *** Caught Term-Signal
      Apr 26 13:35:22 php: /snort/snort_interfaces.php: Snort STOP for Internet(em0)…
      Apr 26 13:35:22 php: /snort/snort_interfaces.php: Toggle (snort stopping) for WAN(em0)...
      Apr 26 13:35:21 php: /snort/snort_interfaces.php: Snort STOP for Internet(em0)...
      Apr 26 13:35:21 php: /snort/snort_interfaces.php: Toggle (snort stopping) for WAN(em0)...
      Apr 26 13:34:35 kernel: em0: promiscuous mode enabled
      Apr 26 13:34:35 SnortStartup[43762]: Snort START for Internet(9626_em0)…

      Takes a very long time to start Snort.

      The only difference that I noticed was the change in interface name... From (9626_em0) to (em0) but I don't know if it has any influence on the way it behaves...

        bmeeks

        @Supermule:

        I edit Snort Interface variables and go to Dashboard -> Services widget and press restart Snort.

        This happens

        Apr 26 13:32:45 SnortStartup[29810]: Snort STOP for Internet(9626_em0)…
        Apr 26 13:32:41 kernel: em0: promiscuous mode disabled
        Apr 26 13:32:41 snort[26004]: *** Caught Term-Signal
        Apr 26 13:32:41 snort[26004]: *** Caught Term-Signal
        Apr 26 13:32:40 SnortStartup[27109]: Snort STOP for Internet(9626_em0)…
        Apr 26 13:32:36 php: /snort/snort_preprocessors.php: [Snort] Building new sig-msg.map file for WAN…
        Apr 26 13:32:32 php: /snort/snort_preprocessors.php: [Snort] Enabling any flowbit-required rules for: WAN…
        Apr 26 13:32:28 php: /snort/snort_preprocessors.php: [Snort] Updating rules configuration for: WAN …
        Apr 26 13:32:28 check_reload_status: Syncing firewall

        Go to services -> Snort and it shows Snort is not running. I click the green button and get this:

        Last 500 system log entries
        Apr 26 13:37:30 php: /snort/snort_interfaces.php: Snort START for Internet(em0)...
        Apr 26 13:37:29 kernel: em0: promiscuous mode enabled
        Apr 26 13:35:43 php: /snort/snort_interfaces.php: [Snort] Building new sig-msg.map file for WAN…
        Apr 26 13:35:41 php: /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: WAN…
        Apr 26 13:35:39 php: /snort/snort_interfaces.php: [Snort] Updating rules configuration for: WAN …
        Apr 26 13:35:39 php: /snort/snort_interfaces.php: Toggle (snort starting) for WAN(em0)...
        Apr 26 13:35:23 kernel: em0: promiscuous mode disabled
        Apr 26 13:35:23 snort[43453]: *** Caught Term-Signal
        Apr 26 13:35:23 snort[43453]: *** Caught Term-Signal
        Apr 26 13:35:22 php: /snort/snort_interfaces.php: Snort STOP for Internet(em0)…
        Apr 26 13:35:22 php: /snort/snort_interfaces.php: Toggle (snort stopping) for WAN(em0)...
        Apr 26 13:35:21 php: /snort/snort_interfaces.php: Snort STOP for Internet(em0)...
        Apr 26 13:35:21 php: /snort/snort_interfaces.php: Toggle (snort stopping) for WAN(em0)...
        Apr 26 13:34:35 kernel: em0: promiscuous mode enabled
        Apr 26 13:34:35 SnortStartup[43762]: Snort START for Internet(9626_em0)…

        Takes a very long time to start Snort.

        Yes, the long time is Snort rebuilding the rules prior to starting.  Let's start a 2.5.7 Issues thread and keep problems with 2.5.7 over there.

        Thanks,
        Bill
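
An added example, not part of the original posts or the Snort package: while Snort is stopped and rebuilding rules, the interface is not being inspected, and the kernel's promiscuous-mode lines in the logs above bracket that window. The sketch below measures each gap from those lines, assuming Snort is the only process holding em0 in promiscuous mode and that the year is 2013 (syslog stamps carry none).

```python
import re
from datetime import datetime

# Kernel and Snort lines copied from the log excerpts posted above, newest first
# (the order the pfSense system log view shows them in).
THREAD_LOG = """\
Apr 26 13:37:30 php: /snort/snort_interfaces.php: Snort START for Internet(em0)...
Apr 26 13:37:29 kernel: em0: promiscuous mode enabled
Apr 26 13:35:23 kernel: em0: promiscuous mode disabled
Apr 26 13:35:23 snort[43453]: *** Caught Term-Signal
Apr 26 13:34:35 kernel: em0: promiscuous mode enabled
Apr 26 13:34:35 SnortStartup[43762]: Snort START for Internet(9626_em0)…
Apr 26 13:32:41 kernel: em0: promiscuous mode disabled
Apr 26 13:32:41 snort[26004]: *** Caught Term-Signal
"""

PROMISC = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) kernel: (\w+): promiscuous mode (enabled|disabled)$"
)

def blind_windows(log_text, year=2013):
    """Return (iface, start, end, seconds) for each span the NIC was not in
    promiscuous mode. `year` is an assumption: syslog stamps carry no year."""
    events = []
    # Reverse first so the stable sort keeps same-second events oldest-first.
    for line in reversed(log_text.splitlines()):
        m = PROMISC.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    events.sort(key=lambda e: e[0])

    down_since, windows = {}, []
    for ts, iface, state in events:
        if state == "disabled":
            down_since.setdefault(iface, ts)   # keep the earliest unmatched stop
        elif iface in down_since:
            start = down_since.pop(iface)
            windows.append((iface, start, ts, int((ts - start).total_seconds())))
    # A stop with no later start means the interface is still unmonitored.
    windows.extend((iface, start, None, None) for iface, start in down_since.items())
    return windows

if __name__ == "__main__":
    for iface, start, end, secs in blind_windows(THREAD_LOG):
        print(iface, start.time(), "->", end.time() if end else "still down", secs)
```

Run against a saved copy of the system log, the same function can feed an alert when a gap exceeds what a rules rebuild normally takes on the box.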

          digdug3

          Again a great update. Worked without problems for me (pfSense 2.0.3 i386)  ;D

            johnnybe

            Too long I've been waiting to see the Snort running stable. I just hope the rules update set to 12 hours works fine, not requiring manual intervention to restart the service.
            Reporting Snort fresh install - old snapshot:

            2.1-BETA1 (amd64)
            built on Tue Mar 12 20:58:29 EDT 2013
            FreeBSD 8.3-RELEASE-p6

            Starting rules update…  Time: 2013-04-26 15:26:00
            Downloading Snort VRT md5 file...
            Checking Snort VRT md5 file...
            There is a new set of Snort VRT rules posted. Downloading...
            Done downloading rules file.
            Downloading Snort GPLv2 Community Rules md5 file...
            Checking Snort GPLv2 Community Rules md5.
            Snort GPLv2 Community Rules are up to date.
            Downloading EmergingThreats md5 file...
            Checking EmergingThreats md5.
            There is a new set of EmergingThreats rules posted. Downloading...
            Done downloading EmergingThreats rules file.
            Extracting and installing EmergingThreats.org rules...
            Installation of EmergingThreats.org rules completed.
            Extracting and installing Snort VRT rules...
            Using Snort VRT precompiled SO rules for FreeBSD-8-1 ...
            Installation of Snort VRT rules completed.
            Copying new config and map files...
            Updating rules configuration for: WAN ...
            Restarting Snort to activate the new set of rules...
            Snort has restarted with your new set of rules.
            The Rules update has finished.  Time: 2013-04-26 15:31:11

            Snort is working fine and the Widget as well. The Auto generted list for suppress, works fine too. But, as you can see, we have a typo there: generted. ;)

            Thanks for all your effort and dedication, bmeeks.

            you would not believe the view up here

              bmeeks

              @johnnybe:

              Snort is working fine and the Widget as well. The Auto generted list for suppress, works fine too. But, as you can see, we have a typo there: generted. ;)

              Thanks for all your effort and dedication, bmeeks.

              Thank you!  And I hate typos – that one escaped me this time, but it goes on my list for the future... ;D

              Bill

                johnnybe

                @bmeeks:

                Thank you!  And I hate typos – that one escaped me this time, but it goes on my list for the future... ;D

                Cool!  8)
                More important than that: Snort running fine.  :)

                you would not believe the view up here

                  tester_02

                  I just want to say that the snort package has never run so reliably and so polished EVER until now.

                  Thanks Bill!!

                    bmeeks

                    @tester_02:

                    I just want to say that the snort package has never run so reliably and so polished EVER until now.

                    Thanks Bill!!

                    That's great to hear!  Thank you for posting.

                    Bill

                      johnnybe

                      Good news: Automatic updates haven't disabled Snort. Same thing after manually hanging the system. After power on it took about 10 minutes for full system up (6 minutes to have Snort running back).
                      Flow bits is not enabled.
                      System Spec:
                      Intel(R) Atom(TM) CPU D510 @ 1.66GHz
                      2G RAM
                      HD Seagate Sata 7200rpm

                      INSTALLED RULESET SIGNATURES
                      SNORT.ORG
                      EMERGINGTHREATS.NET
                      SNORT GPLv2 COMMUNITY RULES

                      I do have a few rules disabled.

                      you would not believe the view up here

                        RonpfS

                        I updated to 2.5.7, and I also removed Widescreen
                        It went fine, had to manually start snort but it is running ok

                        The problem with the top left pfsense logo link seems to be gone
                        It now points to https://xxxxx/index.php in the snort page  ;D

                        2.4.5-RELEASE-p1 (amd64)
                        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                          Clear-Pixel

                          Thanks bmeeks  ;D

                          HP EliteBook 2530p Laptop - Core2 Duo SL9600 @ 2.13Ghz - 4 GB Ram -128GB SSD
                          Atheros Mini PCI-E as Access Point (AR5BXB63H/AR5007EG/AR2425)
                          Single Ethernet Port - VLAN
                          Cisco SG300 10-port Gigabit Managed Switch
                          Cisco DPC3008 Cable Modem  30/4 Mbps
                          Pfsense 2.1-RELEASE (amd64)
                          –------------------------------------------------------------
                          Total Network Power Consumption - 29 Watts
