Snort v4.0_3 -- Release Notes



  • Snort Package v4.0_3
    An update for the Snort package on pfSense-2.5-DEVEL has been posted. This version is only available for users of the pfSense-2.5-DEVEL snapshots.

    Updated Info (4.0_3): the package was bumped once more from 4.0_2 to 4.0_3 to fix a misspelling of the LOG_WARNING syslog() function Priority flag. It was incorrectly spelled as LOG_WARN in the initial 4.0_2 version.

    The update includes a few minor tweaks and bug fixes.

    Upgrade Procedure Caution: it is suggested that you first remove the Snort package and then install it again for this update. This will ensure that your upgrade is performed using the new version of the relevant PHP files.

    New Features:

    1. Log messages are now tagged with a PRIORITY flag to facilitate parsing by third-party log analysis programs. The PHP syslog() function is now used for system logging and an appropriate PRIORITY tag is included with each logged message.

    Bug Fixes:

    1. Fix issues with updating the dynamic STATUS icons for Snort and Barnyard2 on the INTERFACES tab when starting/stopping Snort and Barnyard2 on an interface.

    2. Change log rotation code to use rename() to just move the existing log file to a new name and then touch() to create the new empty one instead of a copy-then-empty string write sequence. The former is much more efficient.

    3. Ensure that binary-installed files and rules such as preprocessor and decoder rules are not deleted by GUI code during package upgrade or removal.

    4. Make "Clear Blocked Hosts on Package Removal" the default on the GLOBAL SETTINGS tab. This will help ensure any blocks inserted by Snort are removed along with the package.

    5. Check for the "Remove Blocked Hosts After De-Install" setting preference and act accordingly when upgrading or uninstalling the package. Formerly this check only happened when removing the package and electing to "not save" settings.

    6. Recreate any critical config or preprocessor rules files from the "**-sample" versions if missing on upgrade or package reinstall to prevent Snort startup warnings or failures.
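
The rename()-then-touch() rotation described in bug fix 2, with each outcome logged through syslog() at an explicit priority as in the new feature above. This is an added PHP example, not the package's own code; the function name `rotate_log`, the `snort-demo` ident, the size limit and the temp file are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from the Snort package source.

/**
 * Rotate $logfile by renaming it and creating a fresh empty file.
 * Returns the archive path if the file was renamed, otherwise null.
 */
function rotate_log(string $logfile, int $limit_bytes): ?string
{
    clearstatcache(true, $logfile);
    if (!is_file($logfile) || filesize($logfile) < $limit_bytes) {
        return null;
    }

    // Remember the mode so the recreated file is not more permissive.
    $mode = fileperms($logfile) & 0777;
    $archive = $logfile . '.' . date('Ymd_His');

    // rename() on one filesystem is a metadata operation; no log data is copied.
    if (!rename($logfile, $archive)) {
        syslog(LOG_WARNING, "[demo] could not rotate {$logfile}");
        return null;
    }

    // touch() creates the new empty file. A process that still holds the old
    // descriptor keeps writing to the archive until it reopens the log.
    if (!touch($logfile) || !chmod($logfile, $mode)) {
        syslog(LOG_ERR, "[demo] rotated {$logfile} but could not recreate it");
        return $archive;
    }

    syslog(LOG_NOTICE, "[demo] rotated {$logfile} to {$archive}");
    return $archive;
}

// Constructed demo: a temp file standing in for an interface log.
openlog('snort-demo', LOG_PID, LOG_DAEMON);
$log = tempnam(sys_get_temp_dir(), 'alert');
file_put_contents($log, str_repeat("constructed alert line\n", 100));
$archive = rotate_log($log, 1024);
clearstatcache();
printf("archive=%s new_size=%d\n", $archive, filesize($log));
unlink($log);
if ($archive !== null) {
    unlink($archive);
}
closelog();
```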

