Snort-3.2.9.10 Package Update Release Notes
-
Snort-3.2.9.10 for pfSense-2.4.4 RELEASE
This update adds support for the latest 2.9.15 version of the snort binary, fixes two bugs and adds one new feature.New Features:
- Added sortable columns on the RULES tab to duplicate similar functionality available on the ALERTS tab. See Redmine Issue #9871.
Bug Fixes:
-
When adding a SID to a Suppress List or disabilng a rule on the ALERTS tab, Snort is stopped if running and logs a "Snort Reload: Any change to the dynamic preprocessor configuration requires a restart." message to the system log.
-
The SUPPRESS tab allows deletion of an assigned Suppress List when it should instead issue a warning and not delete lists currently assigned to an interface.
-
Hey Bmeeks, big fan of your work. I have been around for a while but never registered to the forum. Always prefer to read and learn that to speak without knowledge. Now onto the problem affecting your latest release. I believe is the same issue that was happening a few months back that as soon as a firewall rule was changed pfsense would completely crash to the point of a reinstall being required. I believe that with the lastest release the same bug has been reintroduced as i updated yesterday and within a few hours made a firewall rule change and bang had to reinstall pfsense due to the same errors. Now please do not ask of the error(s) cause i have bad memory. what i am sure of is that it has happened before and was due to snort. If you could look into it it would be great, as always thank you for keeping us all safe.
-
@LilMonkey305 said in Snort-3.2.9.10 Package Update Release Notes:
Hey Bmeeks, big fan of your work. I have been around for a while but never registered to the forum. Always prefer to read and learn that to speak without knowledge. Now onto the problem affecting your latest release. I believe is the same issue that was happening a few months back that as soon as a firewall rule was changed pfsense would completely crash to the point of a reinstall being required. I believe that with the lastest release the same bug has been reintroduced as i updated yesterday and within a few hours made a firewall rule change and bang had to reinstall pfsense due to the same errors. Now please do not ask of the error(s) cause i have bad memory. what i am sure of is that it has happened before and was due to snort. If you could look into it it would be great, as always thank you for keeping us all safe.
I can't imagine any kind of connection between changing a firewall rule and then Snort causing a crash. I've never seen that reported here before to the best of my recollection.
It goes without saying that if you can't give me any error messages or system or crash log data to start investigations from, then there is nothing I can do.
-
New Features:
- Added sortable columns on the RULES tab to duplicate similar functionality available on the ALERTS tab. See Redmine Issue #9871.
Many thanks Bill
-
Hey Bmeeks. I tried to replicate the issue but, no dice, which is good news. Seems like the updating process triggered the bug as it first uninstalled snort and then installed the new version over it. Since i had to reinstall pfsense i got a clean install to the latest package thus eliminating the bug. Again, thank you for your support.
-
@LilMonkey305 said in Snort-3.2.9.10 Package Update Release Notes:
Hey Bmeeks. I tried to replicate the issue but, no dice, which is good news. Seems like the updating process triggered the bug as it first uninstalled snort and then installed the new version over it. Since i had to reinstall pfsense i got a clean install to the latest package thus eliminating the bug. Again, thank you for your support.
Glad you got it sorted out, but there is no bug. If it was a bug, it would impact all users and not just you. You are the only report I have ever heard of such behavior. You had something wrong within your particular configuration. You may have a failing disk drive or you had something happen during the download that corrupted downloaded files maybe.
-
Hello sir @bmeeks yesterday I run an upgrade to the latest one 3.2.9.10 for snort. It woks fine after I reboot my box. Today when I checked status it stops all and it looks like this pic. I click the play button to start the status but still it won work. Do I need to remove the package and reinstall it again? Thank you sir
-
@bokikay said in Snort-3.2.9.10 Package Update Release Notes:
Hello sir @bmeeks yesterday I run an upgrade to the latest one 3.2.9.10 for snort. It woks fine after I reboot my box. Today when I checked status it stops all and it looks like this pic. I click the play button to start the status but still it won work. Do I need to remove the package and reinstall it again? Thank you sir
Have you looked in the pfSense system log to see what error messages are being logged when you attempt a restart of the interfaces? How do you expect me to help you if you give me no information to go on? I need error log messages to troubleshoot. I can't just sense what's wrong through the ether with "spidy senses" or something ... .