Snort Update - Release Notes

  • Snort GUI Package Update - Release Notes

    This update for the Snort GUI package implements support for the latest version of the Snort binary. Release Notes for Snort can be found here:

    Note: some users are reporting a failure to start due to a probable syntax error in an Emerging Threats Exploit rule.  This is not caused by a problem with the Snort update.  It is an issue in the ET Open Exploit rules category.  I suspect the ET guys will get it sorted out soon.

    Thanks to @pfcode for identifying the errant rule.  Here is his post:  Here is my post explaining how to interpret the error message in order to find the rule on your own:  Each person seeing the error will probably have a different line number reported.  This is because where the errant rule is located within the snort.rules file depends on how many rules you have enabled in your configuration.  That snort.rules file contains all of your "enabled" rules.  The path to the rules file contains your physical interface name along with a UUID number, so the path in your error message is going to be different.  If you are impacted by the error, simply disable the rule using either the icons on the RULES tab or via the configuration on the SID MGMT tab.  The SID of the rule is given in @pfcode's post (following the link given earlier).

    GUI Package New Features:

    GUI Package Bug Fixes:

    When using the download buttons on the ALERTS, BLOCKED and SID MGT tabs, the downloaded files either have HTML appended to them (if downloading individual files) or when downloading a gzip archive it shows as corrupt on Windows.

    Redmine Bug #7555, translation data shown in breadcrumb link when no interfaces are defined for Snort and one of the interface settings tabs is selected.

Log in to reply