Change max_client_bytes in SSH preprocessor

alchemyx

Hi,

How to change max_client_bytes in SSH preprocessor? If I put that in Advanced Configuration Pass-Through

preprocessor ssh:
        max_client_bytes 19600

Then SNORT won't start up. Probably because I have duplicated preprocessor ssh: with the one provided by pfsense. I tried disabling SSH altogether and putting it again but snort also refuses to come back up.

pfsense version is 2.4.2-RELEASE-p1 and SNORT is 2.9.9.0

Thanks!
Michał

bmeeks

@alchemyx:

Hi,

How to change max_client_bytes in SSH preprocessor? If I put that in Advanced Configuration Pass-Through

preprocessor ssh:
        max_client_bytes 19600

Then SNORT won't start up. Probably because I have duplicated preprocessor ssh: with the one provided by pfsense. I tried disabling SSH altogether and putting it again but snort also refuses to come back up.

pfsense version is 2.4.2-RELEASE-p1 and SNORT is 2.9.9.0

Thanks!
Michał

At the moment that is not a configurable parameter within the GUI.  And using the Advanced Passthrough feature doesn't work with preprocessors because of how the internal GUI code works for now.

I will add this parameter to the next Snort GUI update.  I'm working on some other Snort updates and hope to get an updated package posted in a couple of weeks or so.

Bill