Change max_client_bytes in SSH preprocessor



  • Hi,

    How to change max_client_bytes in SSH preprocessor? If I put that in Advanced Configuration Pass-Through

    preprocessor ssh:
            max_client_bytes 19600

    Then SNORT won't start up. Probably because I have duplicated preprocessor ssh: with the one provided by pfsense. I tried disabling SSH altogether and putting it again but snort also refuses to come back up.

    pfsense version is 2.4.2-RELEASE-p1 and SNORT is 2.9.9.0

    Thanks!
    Michał



  • @alchemyx:

    Hi,

    How to change max_client_bytes in SSH preprocessor? If I put that in Advanced Configuration Pass-Through

    preprocessor ssh:
            max_client_bytes 19600

    Then SNORT won't start up. Probably because I have duplicated preprocessor ssh: with the one provided by pfsense. I tried disabling SSH altogether and putting it again but snort also refuses to come back up.

    pfsense version is 2.4.2-RELEASE-p1 and SNORT is 2.9.9.0

    Thanks!
    Michał

    At the moment that is not a configurable parameter within the GUI.  And using the Advanced Passthrough feature doesn't work with preprocessors because of how the internal GUI code works for now.

    I will add this parameter to the next Snort GUI update.  I'm working on some other Snort updates and hope to get an updated package posted in a couple of weeks or so.

    Bill


Log in to reply