Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort v3.2.9.10_3 Release Notes (for pfSense-2.4.5 installs only)

    IDS/IPS
    2
    3
    724
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bmeeks
      bmeeks last edited by

      Snort v3.2.9.10_3 Release Notes

      Important Warning: this update for Snort is ONLY for use on pfSense-2.4.5 installs. If you have not yet updated your pfSense installation, then DO NOT install this update until you have updated pfSense to 2.4.5!

      This update randomizes the periodic rules update check to spread the load on the rules update sites due to the large number of pfSense Snort installations. The former default value had large numbers of machines hitting the rules update sites at precisely 5 minutes past the midnight hour local time.

      New Features:

      1. The Rules Update Start Time on the GLOBAL SETTINGS tab now has a random minute for the default start time for first-time users.

      2. For existing users who have never changed their Rules Update Start Time from the old default of 00:05, the minutes value will be randomized and stored.

      3. The PHP module that performs the actual rules update check will randomly sleep for between 0 and 35 seconds before actually making connection to the Snort.org site.

      Bug Fixes:
      None

      S 1 Reply Last reply Reply Quote 0
      • S
        serbus @bmeeks last edited by

        Hello!

        Not sure, but I think the minutes might need to be padded...

        $snort_rules_upd_time = "00:" . str_pad(strval(random_int(0,59)), 2, "00", STR_PAD_LEFT);

        John

        Lex parsimoniae

        bmeeks 1 Reply Last reply Reply Quote 1
        • bmeeks
          bmeeks @serbus last edited by

          @serbus said in Snort v3.2.9.10_3 Release Notes (for pfSense-2.4.5 installs only):

          Hello!

          Not sure, but I think the minutes might need to be padded...

          $snort_rules_upd_time = "00:" . str_pad(strval(random_int(0,59)), 2, "00", STR_PAD_LEFT);

          John

          Oops! You may be right. It didn't show up in my quick testing because the random function returned two-digit minutes for me.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post