Snort Package v4.1.3 Update -- Release Notes
-
@bmeeks thank you. I dont see the option yet for 2.5, but as soon as I can I will update. Thank you so much for your quick response.
-
@dwighthenry61 said in Snort Package v4.1.3 Update -- Release Notes:
@bmeeks thank you. I dont see the option yet for 2.5, but as soon as I can I will update. Thank you so much for your quick response.
Huh??? It should show up on your firewall Dashboard screen. I have a Netgate SG-5100 that I have not yet updated, so my screen shows the 21.02 update being available, but if you are running CE (Community Edition) on non-Netgate hardware you should see a notice that pfSense-2.5 is available for updating.
-
@bmeeks yes I did see it, I needed to squint to see it colored in green. I ran both updates and it works great. You are great, thank you so much for caring.
-
@bmeeks Sorry to be a pain, so the Snort install completed, and I can see it as an installed package. However it does not show up on the services list, and if i go to service watchdog to add it, it does not show up there as well, nor as an installed service on the dashboard. I rebooted the appliance without any success, even removed and reinstall with no success. Any thoughts on what I could try?
-
@dwighthenry61 said in Snort Package v4.1.3 Update -- Release Notes:
@bmeeks Sorry to be a pain, so the Snort install completed, and I can see it as an installed package. However it does not show up on the services list, and if i go to service watchdog to add it, it does not show up there as well, nor as an installed service on the dashboard. I rebooted the appliance without any success, even removed and reinstall with no success. Any thoughts on what I could try?
If it does not show up under the SERVICES menu, then the installation did not complete successfully. Perhaps you either did not wait long enough (you should see a "green" success screen at the end of the installation), or an error occurred near the end of the process. Either way, do not navigate away from the Package Installation screen until it 100% completes and shows you a green success message. You may need to remove the package, and install it again. This time be sure to wait until the screen gives you a green progress bar and a "success" installation message.
You mentioned Service Watchdog. NEVER use Service Watchdog with Snort!! It is not compatible with the Snort pacakge (nor the Suricata package).
-
@bmeeks this is what i see after install "This can be done by appending '-lro' to your ifconfig_ line in rc.conf.
Message from pfSense-pkg-snort-4.1.3_1:
--
Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.Cleaning up cache... done.
Success"The bar above also changes from red to all green.
-
Is there anything listed in the pfSense System Log? Do you see any errors listed there?
-
@bmeeks The install is finally showing up after 5 installs. I am now good to go. Thanks.
-
@bmeeks multi-threading please
-
@beachbum2021 said in Snort Package v4.1.3 Update -- Release Notes:
@bmeeks multi-threading please
Sorry, not happening. I got fully and thoroughly disgusted with Snort3 trying to convert the current package to the new binary. I'm done with that horse. Someone else is welcome to try if they want to. If multithreading is a must have, then use Suricata.
-
@bmeeks hey bmeeks, so after installing the patch for the pósense + issue that was affecting negate 3100, Snort went from not running to disappearing once more. I can see that the package is installed in the package manager, however not showing in the Services menu.
-
@dwighthenry61 said in Snort Package v4.1.3 Update -- Release Notes:
@bmeeks hey bmeeks, so after installing the patch for the pósense + issue that was affecting negate 3100, Snort went from not running to disappearing once more. I can see that the package is installed in the package manager, however not showing in the Services menu.
Snort on the SG-3100 is still not working. We are looking into the problem, but it's a confusing one at the moment.
-
Confirmed that it's not working on SG-3100. Installed succeeded, but it doesn't start (or fails after it starts, although I'm not seeing that in the logs).
-
@rloeb said in Snort Package v4.1.3 Update -- Release Notes:
Confirmed that it's not working on SG-3100. Installed succeeded, but it doesn't start (or fails after it starts, although I'm not seeing that in the logs).
The main issue on the SG-3100 is that a portion of the Snort GUI code that runs when you click the Start icon is crashing PHP itself on the firewall. Why that happens has not yet been pinned down. The exact same GUI code runs just fine on everything else (SG-1100, SG-5100 and any other device that has a CPU that is not a 32-bit ARM chip). So that hints the issue is something with PHP itself on 32-bit ARM architecture, but nothing is proven yet.
This crashing of PHP will also likely interfere with the installation of Snort as it calls the same area of code during post-installation configuration. If PHP crashes then, it will likely not complete the last step of the installation which is creating the menu entry under SERVICES.
-
@bmeeks I upgraded to the latest version of PfSense+ 21.02.2-RELEASE (arm)
built on Mon Apr 12 07:50:07 EDT 2021 so now I can install Snort and see it on the Services list. Trouble now however is that after configuring it won't start. -
@dwighthenry61 said in Snort Package v4.1.3 Update -- Release Notes:
@bmeeks I upgraded to the latest version of PfSense+ 21.02.2-RELEASE (arm)
built on Mon Apr 12 07:50:07 EDT 2021 so now I can install Snort and see it on the Services list. Trouble now however is that after configuring it won't start.Look at the post immediately above yours and you will see why. Nothing has changed on that front. Snort nor Suricata will run on the SG-3100 hardware (or any ARM 32-bit appliance).
This issue is unlikely to get fixed, so if you want to run an IDS/IPS package, you will want to get something besides 32-bit ARM hardware to run it on.
