Snort v3.2.9.10_3 Release Notes (for pfSense-2.4.5 installs only)



  • Snort v3.2.9.10_3 Release Notes

    Important Warning: this update for Snort is ONLY for use on pfSense-2.4.5 installs. If you have not yet updated your pfSense installation, then DO NOT install this update until you have updated pfSense to 2.4.5!

    This update randomizes the periodic rules update check to spread the load on the rules update sites due to the large number of pfSense Snort installations. The former default value had large numbers of machines hitting the rules update sites at precisely 5 minutes past the midnight hour local time.

    New Features:

    1. The Rules Update Start Time on the GLOBAL SETTINGS tab now has a random minute for the default start time for first-time users.

    2. For existing users who have never changed their Rules Update Start Time from the old default of 00:05, the minutes value will be randomized and stored.

    3. The PHP module that performs the actual rules update check will randomly sleep for between 0 and 35 seconds before actually making connection to the Snort.org site.

    Bug Fixes:
    None



  • Hello!

    Not sure, but I think the minutes might need to be padded...

    $snort_rules_upd_time = "00:" . str_pad(strval(random_int(0,59)), 2, "00", STR_PAD_LEFT);

    John



  • @serbus said in Snort v3.2.9.10_3 Release Notes (for pfSense-2.4.5 installs only):

    Hello!

    Not sure, but I think the minutes might need to be padded...

    $snort_rules_upd_time = "00:" . str_pad(strval(random_int(0,59)), 2, "00", STR_PAD_LEFT);

    John

    Oops! You may be right. It didn't show up in my quick testing because the random function returned two-digit minutes for me.


Log in to reply