Snort Package v4.1.3 Update -- Release Notes
-
@bmeeks this is what I see after install: "This can be done by appending '-lro' to your ifconfig_ line in rc.conf.
Message from pfSense-pkg-snort-4.1.3_1:
--
Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.
Cleaning up cache... done.
Success"
The bar above also changes from red to all green.
-
Is there anything listed in the pfSense System Log? Do you see any errors listed there?
-
@bmeeks The install is finally showing up after 5 installs. I am now good to go. Thanks.
-
@bmeeks multi-threading please
-
@beachbum2021 said in Snort Package v4.1.3 Update -- Release Notes:
@bmeeks multi-threading please
Sorry, not happening. I got fully and thoroughly disgusted with Snort3 trying to convert the current package to the new binary. I'm done with that horse. Someone else is welcome to try if they want to. If multithreading is a must have, then use Suricata.
-
@bmeeks hey bmeeks, so after installing the patch for the pfSense+ issue that was affecting the Netgate 3100, Snort went from not running to disappearing once more. I can see that the package is installed in the package manager, however, it is not showing in the Services menu.
-
@dwighthenry61 said in Snort Package v4.1.3 Update -- Release Notes:
@bmeeks hey bmeeks, so after installing the patch for the pfSense+ issue that was affecting the Netgate 3100, Snort went from not running to disappearing once more. I can see that the package is installed in the package manager, however, it is not showing in the Services menu.
Snort on the SG-3100 is still not working. We are looking into the problem, but it's a confusing one at the moment.
-
Confirmed that it's not working on SG-3100. Install succeeded, but it doesn't start (or fails after it starts, although I'm not seeing that in the logs).
-
@rloeb said in Snort Package v4.1.3 Update -- Release Notes:
Confirmed that it's not working on SG-3100. Install succeeded, but it doesn't start (or fails after it starts, although I'm not seeing that in the logs).
The main issue on the SG-3100 is that a portion of the Snort GUI code that runs when you click the Start icon is crashing PHP itself on the firewall. Why that happens has not yet been pinned down. The exact same GUI code runs just fine on everything else (SG-1100, SG-5100 and any other device that has a CPU that is not a 32-bit ARM chip). So that hints the issue is something with PHP itself on 32-bit ARM architecture, but nothing is proven yet.
This crashing of PHP will also likely interfere with the installation of Snort as it calls the same area of code during post-installation configuration. If PHP crashes then, it will likely not complete the last step of the installation which is creating the menu entry under SERVICES.
-
@bmeeks I upgraded to the latest version of pfSense+ 21.02.2-RELEASE (arm)
built on Mon Apr 12 07:50:07 EDT 2021 so now I can install Snort and see it on the Services list. Trouble now, however, is that after configuring it won't start.
-
@dwighthenry61 said in Snort Package v4.1.3 Update -- Release Notes:
@bmeeks I upgraded to the latest version of pfSense+ 21.02.2-RELEASE (arm)
built on Mon Apr 12 07:50:07 EDT 2021 so now I can install Snort and see it on the Services list. Trouble now, however, is that after configuring it won't start.
Look at the post immediately above yours and you will see why. Nothing has changed on that front. Neither Snort nor Suricata will run on the SG-3100 hardware (or any ARM 32-bit appliance).
This issue is unlikely to get fixed, so if you want to run an IDS/IPS package, you will want to get something besides 32-bit ARM hardware to run it on.