Netgate Discussion Forum
    Suricata 4.1.3 Update (posted for pfSense 2.5 Development) - Release Notes

      bmeeks

      Suricata-4.1.3

      This update for the Suricata package introduces one modified new feature, fixes three bugs and brings the stats logging parameter settings in suricata.yaml in line with the newest Suricata release. In addition, the underlying binary portion of the package is also updated to version 4.1.3. The Change Log for that version is here.

      NOTE: this update is initially available only for the pfSense-2.5 DEVELOPMENT tree. It will be backported to the pfSense-2.4.x RELEASE tree after sufficient user testing.

      New Features

      1. Provide separate enable checkboxes for controlling the logging of flow and netflow data. Formerly a single setting (Traffic Flows) was provided that either enabled or disabled both flow and netflow data logging simultaneously. These two parameters can now be set independently of each other. Reference Issue #9403 on the pfSense Redmine site.

      Modified Features

      1. Adjust stats logging config parameters in suricata.yaml to bring them in line with the format expected by the Suricata 4.1.3 binary.

      Bug Fixes

      1. The sample conf files for SID MGMT provided in the package were not being read and installed properly on new green field installations of Suricata. Thus there were no sample conf files present on the SID MGMT tab.

      2. On the CATEGORIES tab, status messages for the Snort GPLv2 Community Rules were showing the variable name used to hold the status message instead of the content of the variable and thus the actual message.

      3. Update Snort Subscriber Rules tarball filename in hint text to snortrules-snapshot-29120.tar.gz to reflect the most recent Snort 2.9.x rules release filename.

        NRgia

        Hello @bmeeks
        A new port version for Suricata is available, 4.1.3_2, at Freshports. It's not a major update, but it includes an update for the Rust language, which is used by Suricata.

        Maybe when you have time, can you update the package for the guys to test in pfSense-2.5 DEVELOPMENT?

        https://www.freshports.org/security/suricata/

        Thank you

          bmeeks @NRgia

          @NRgia said in Suricata 4.1.3 Update (posted for pfSense 2.5 Development) - Release Notes:

          Hello @bmeeks
          A new port version for Suricata is available, 4.1.3_2, at Freshports. It's not a major update, but it includes an update for the Rust language, which is used by Suricata.

          Maybe when you have time, can you update the package for the guys to test in pfSense-2.5 DEVELOPMENT?

          https://www.freshports.org/security/suricata/

          Thank you

          This will happen sort of auto-magically next quarter when the pfSense devs update FreeBSD-ports for pfSense to the latest version of the upstream FreeBSD ports tree. They sync the DEVEL tree to FreeBSD ports upstream each quarter. For example, just this past April 1st the DEVEL tree was updated. That means the Rust 1.34 and Suricata 4.1.3_2 update was just missed, but it should get picked up with the June 1st sync. At that point Suricata will build with the new Rust version.
