Netgate Discussion Forum

    Snort v4.1_1 Update for pfSense-2.5-DEVEL -- Release Notes

      bmeeks
      last edited by bmeeks

      Snort v4.1_1 (for pfSense-2.5 DEVEL only)

      This update to the Snort GUI package for pfSense-2.5 DEVEL adds two new features.

      New Features:

      1. Add an option on the INTERFACE SETTINGS tab to enable tcpdump-compatible packet captures from alerts. A capture file size limit can also be set. Once a capture file exceeds the limit, it is rotated and a new capture file is opened. The packet captures are stored in the interface's logging subdirectory under /var/log/snort. The filename is snort.log. Rotated files will have a UNIX timestamp appended to the name. If you enable packet captures, you are strongly encouraged to enable automatic log size management on the LOG MGMT tab and set reasonable limits for your hardware. Failure to do this can lead to disk space exhaustion!

      2. Add a new binary Unified2 format log file for OpenAppID alerts. This file is for future use. It resides in the interface's logging subdirectory under /var/log/snort. On the LOG MGMT tab you can configure size and retention limits for the OpenAppID alerts log. The filename is appid.alerts. Rotated files will have a UNIX timestamp appended to the name.

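One way to watch the disk use the release notes warn about, as an added example that is not part of the Snort package or of the original post: it totals snort.log and appid.alerts together with their rotated copies in each interface subdirectory and reports any directory over a byte budget. The function names, the sample interface directory names, and the `.` separator before the UNIX timestamp in rotated filenames are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Snort package.
# Assumption: rotated files are named <base>.<unix_timestamp>.

# capture_usage DIR BASE -> prints "<files> <bytes> <oldest_rotation_ts>"
# for BASE and its rotated copies in DIR (oldest is 0 if nothing has rotated).
capture_usage() {
    dir=$1; base=$2; count=0; total=0; oldest=0
    for f in "$dir/$base" "$dir/$base".*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        suffix=${name#"$base"}; suffix=${suffix#.}
        case $suffix in *[!0-9]*) continue ;; esac   # skip non-timestamp suffixes
        size=$(wc -c < "$f" | tr -d ' ')
        count=$((count + 1)); total=$((total + size))
        if [ -n "$suffix" ] && { [ "$oldest" -eq 0 ] || [ "$suffix" -lt "$oldest" ]; }; then
            oldest=$suffix
        fi
    done
    echo "$count $total $oldest"
}

# check_budget LOGROOT LIMIT_BYTES -> prints one OVER line per interface
# subdirectory whose snort.log and appid.alerts files exceed LIMIT_BYTES in
# total; returns 1 if any directory is over the limit.
check_budget() {
    root=$1; limit=$2; rc=0
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        p=$(capture_usage "$d" snort.log); a=$(capture_usage "$d" appid.alerts)
        p=${p#* }; a=${a#* }                 # drop the file-count field
        used=$(( ${p%% *} + ${a%% *} ))      # bytes of captures + appid logs
        if [ "$used" -gt "$limit" ]; then
            echo "OVER ${d##*/} used=$used limit=$limit"; rc=1
        fi
    done
    return $rc
}

# make_sample DIR: constructed sample tree (interface names are made up).
make_sample() {
    mkdir -p "$1/snort_em0" "$1/snort_em1"
    printf '%0100d' 0 > "$1/snort_em0/snort.log"
    printf '%0300d' 0 > "$1/snort_em0/snort.log.1600000500"
    printf '%0200d' 0 > "$1/snort_em0/snort.log.1600000000"
    printf '%050d' 0  > "$1/snort_em0/appid.alerts"
    printf '%010d' 0  > "$1/snort_em1/snort.log"
}
```

On a real system the call would be `check_budget /var/log/snort <limit_bytes>`, with the limit chosen below the values set on the LOG MGMT tab so it fires before the disk fills.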
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.