Snort 2.9.4.6 Pkg v 2.5.9
-
Should this fix multiple Snort processes being left over after rules updates? With my setup Snort takes a while to fully load all rules. For me Snort always launches correctly on boot up, but there might be multiple processes running after a few days of uptime.
-
Should this fix multiple Snort processes being left over after rules updates? With my setup Snort takes a while to fully load all rules. For me Snort always launches correctly on boot up, but there might be multiple processes running after a few days of uptime.
Yes, it should help with that as well. The same pgrep bug was in the STOP part of the script, also. Just make sure that any existing "extra processes" are killed manually, or else just reboot the box.
Bill
-
Thank you for the fix Bill, when will this go Gold? v2.6.0?
-
Thank you for the fix Bill, when will this go Gold? v2.6.0?
The code update has been submitted via a GitHub Pull Request. Here is a link to the request:
https://github.com/pfsense/pfsense-packages/pull/514
There are a few other fixes and new features included with the multiple processes bug fix.
The changes need to be reviewed, approved and merged by the pfSense Core Team before the new version shows up in the Package Repository.
Bill
-
Hello Bill, was wondering if u fixed the typo in the snort.inc. It was "{$stream5_no_reassemble_async}$stream5_dont_store_lg_pkts" on line 3137, it was talked about on page 5 so like 100 years ago. :)
UPDATE
Nevermind just saw it was updated thanks again!
-
Looks like the 2.6.0 package has made it's way to the repository! :D
Let's test… -
Yep!
So far so good :)
Just updated 2 production boxes :) -
Looks like the 2.6.0 package has made it's way to the repository! :D
Let's test…Yep, the Core Team guys approved and merged the update earlier today. I also made a tweak to the Snort binary to fix the error message "SMTP: changing file_depth requires a restart" when attempting a soft-restart of Snort. I see the 2.1 PBI version of the new binary package has built already, but I did not see the 2.0.3 TBZ version posted yet. It should build and post soon, though.
So when you do the Snort update, I recommend a package remove and then re-install so you will pick up the new binary as well. You just want to check http://files.pfsense.org/packages/8/All/ and make sure the newest September 27 version of snort-2.9.4.6.tbz has been built and shows up.
Bill
-
Hi!
snort-2.9.4.6.tbz is June version on the link u posted?
Regards,
M -
Hi!
snort-2.9.4.6.tbz is June version on the link u posted?
Regards,
MUPDATE #2 (9:22 AM September 28): The updated Snort binary for 2.0.3 pfSense installs is now available in the files repository.
UPDATED INFO (9:30 PM September 27): I received a note back from the pfSense guys. There are some issues with getting the 2.0.3 binary packages rebuilt. The issues are generic with the Ports tree and not specific to Snort. It could be later this weekend or even early next week before the 2.0.3 binaries get rebuilt. If you have a 2.1 install, you are golden because the PBI packages are good to go.
If you want the new Snort GUI fixes, then go ahead and reinstall the Snort package now. Just click the PKG or XML icons. They both will do the same thing in terms of reinstalling the GUI PHP code. I will post back later when the new Snort binaries for 2.0.3 pfSense are built and posted.
**Original Post follows –- **
Yeah, I think maybe those rebuild overnight. I will e-mail the Core Team guys and have one of them check it out. The new binary is not a huge deal, but if you use the SMTP preprocessor and sometimes saw the message about "SMTP: changing file_depth requires a restart", then the updated binary will fix that (and allow Snort to soft-restart correctly).It won't hurt anything to do a package reinstall by clicking the PKG or XML icon, then later when the new binary is posted you can do the remove and re-install then. The major bug fixes and new features are all in the GUI code anyway.
Bill
