Netgate Discussion Forum

    Snort Package v4.1.3 Update -- Release Notes

    Scheduled Pinned Locked Moved IDS/IPS
    19 Posts 4 Posters 1.9k Views
    • D
      dwighthenry61 @bmeeks

      @bmeeks thank you. I don't see the option yet for 2.5, but as soon as I can I will update. Thank you so much for your quick response.

      • bmeeksB
        bmeeks @dwighthenry61

        @dwighthenry61 said in Snort Package v4.1.3 Update -- Release Notes:

        @bmeeks thank you. I don't see the option yet for 2.5, but as soon as I can I will update. Thank you so much for your quick response.

        Huh??? It should show up on your firewall Dashboard screen. I have a Netgate SG-5100 that I have not yet updated, so my screen shows the 21.02 update being available, but if you are running CE (Community Edition) on non-Netgate hardware you should see a notice that pfSense-2.5 is available for updating.

        pfSense-Dashboard.png

        • D
          dwighthenry61 @bmeeks

          @bmeeks yes I did see it, I needed to squint to see it colored in green. I ran both updates and it works great. You are great, thank you so much for caring.

          • D
            dwighthenry61 @bmeeks

            @bmeeks Sorry to be a pain, so the Snort install completed, and I can see it as an installed package. However it does not show up on the services list, and if I go to Service Watchdog to add it, it does not show up there as well, nor as an installed service on the dashboard. I rebooted the appliance without any success, even removed and reinstalled with no success. Any thoughts on what I could try?

            • bmeeksB
              bmeeks @dwighthenry61

              @dwighthenry61 said in Snort Package v4.1.3 Update -- Release Notes:

              @bmeeks Sorry to be a pain, so the Snort install completed, and I can see it as an installed package. However it does not show up on the services list, and if I go to Service Watchdog to add it, it does not show up there as well, nor as an installed service on the dashboard. I rebooted the appliance without any success, even removed and reinstalled with no success. Any thoughts on what I could try?

              If it does not show up under the SERVICES menu, then the installation did not complete successfully. Perhaps you either did not wait long enough (you should see a "green" success screen at the end of the installation), or an error occurred near the end of the process. Either way, do not navigate away from the Package Installation screen until it 100% completes and shows you a green success message. You may need to remove the package, and install it again. This time be sure to wait until the screen gives you a green progress bar and a "success" installation message.

              You mentioned Service Watchdog. NEVER use Service Watchdog with Snort!! It is not compatible with the Snort package (nor the Suricata package).

              • D
                dwighthenry61 @bmeeks

                @bmeeks this is what I see after install "This can be done by appending '-lro' to your ifconfig_ line in rc.conf.

                Message from pfSense-pkg-snort-4.1.3_1:

                --
                Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.

                Cleaning up cache... done.
                Success"

                The bar above also changes from red to all green.

                • bmeeksB
                  bmeeks

                  Is there anything listed in the pfSense System Log? Do you see any errors listed there?

                  • D
                    dwighthenry61 @bmeeks

                    @bmeeks The install is finally showing up after 5 installs. I am now good to go. Thanks.

                    • B
                      beachbum2021 @bmeeks

                      @bmeeks multi-threading please

                      • bmeeksB
                        bmeeks @beachbum2021
                        last edited by bmeeks

                        @beachbum2021 said in Snort Package v4.1.3 Update -- Release Notes:

                        @bmeeks multi-threading please

                        Sorry, not happening. I got fully and thoroughly disgusted with Snort3 trying to convert the current package to the new binary. I'm done with that horse. Someone else is welcome to try if they want to. If multithreading is a must have, then use Suricata.

                        • D
                          dwighthenry61 @bmeeks
                          last edited by dwighthenry61

                          @bmeeks hey bmeeks, so after installing the patch for the pfSense+ issue that was affecting Netgate 3100, Snort went from not running to disappearing once more. I can see that the package is installed in the package manager, however not showing in the Services menu.

                          • bmeeksB
                            bmeeks @dwighthenry61

                            @dwighthenry61 said in Snort Package v4.1.3 Update -- Release Notes:

                            @bmeeks hey bmeeks, so after installing the patch for the pfSense+ issue that was affecting Netgate 3100, Snort went from not running to disappearing once more. I can see that the package is installed in the package manager, however not showing in the Services menu.

                            Snort on the SG-3100 is still not working. We are looking into the problem, but it's a confusing one at the moment.

                            • R
                              rloeb

                              Confirmed that it's not working on SG-3100. Install succeeded, but it doesn't start (or fails after it starts, although I'm not seeing that in the logs).

                              • bmeeksB
                                bmeeks @rloeb

                                @rloeb said in Snort Package v4.1.3 Update -- Release Notes:

                                Confirmed that it's not working on SG-3100. Install succeeded, but it doesn't start (or fails after it starts, although I'm not seeing that in the logs).

                                The main issue on the SG-3100 is that a portion of the Snort GUI code that runs when you click the Start icon is crashing PHP itself on the firewall. Why that happens has not yet been pinned down. The exact same GUI code runs just fine on everything else (SG-1100, SG-5100 and any other device that has a CPU that is not a 32-bit ARM chip). So that hints the issue is something with PHP itself on 32-bit ARM architecture, but nothing is proven yet.

                                This crashing of PHP will also likely interfere with the installation of Snort as it calls the same area of code during post-installation configuration. If PHP crashes then, it will likely not complete the last step of the installation which is creating the menu entry under SERVICES.

                                • D
                                  dwighthenry61 @bmeeks

                                  @bmeeks I upgraded to the latest version of pfSense+ 21.02.2-RELEASE (arm) built on Mon Apr 12 07:50:07 EDT 2021 so now I can install Snort and see it on the Services list. Trouble now however is that after configuring it won't start.

                                  • bmeeksB
                                    bmeeks @dwighthenry61
                                    last edited by bmeeks

                                    @dwighthenry61 said in Snort Package v4.1.3 Update -- Release Notes:

                                    @bmeeks I upgraded to the latest version of pfSense+ 21.02.2-RELEASE (arm) built on Mon Apr 12 07:50:07 EDT 2021 so now I can install Snort and see it on the Services list. Trouble now however is that after configuring it won't start.

                                    Look at the post immediately above yours and you will see why. Nothing has changed on that front. Neither Snort nor Suricata will run on the SG-3100 hardware (or any ARM 32-bit appliance).

                                    This issue is unlikely to get fixed, so if you want to run an IDS/IPS package, you will want to get something besides 32-bit ARM hardware to run it on.

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.