Snort v4.1_1 Update for pfSense-2.5-DEVEL -- Release Notes
bmeeks last edited by bmeeks
Snort v4.1_1 (for pfSense-2.5 DEVEL only)
This update to the Snort GUI package for pfSense-2.5 DEVEL adds two new features.
Add an option on the INTERFACE SETTINGS tab to enable tcpdump-compatible packet captures from alerts. A capture file size limit can also be set. Once a capture file exceeds the limit, it is rotated and a new capture file is opened. The packet captures are stored in the interface's logging subdirectory under /var/log/snort. The filename is snort.log. Rotated files will have a UNIX timestamp appended to the name. If you enable packet captures, you are strongly encouraged to enable automatic log size management on the LOGS MGMT tab and set reasonable limits for your hardware. Failure to do this can lead to disk space exhaustion!
Add a new binary Unified2 format log file for OpenAppID alerts. This file is for future use. It resides in the interface's logging subdirectory under /var/log/snort. On the LOG MGMT tab you can configure size and retention limits for the OpenAppID alerts log. The filename is appid.alerts. Rotated files will have a UNIX timestamp appended to the name.
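The post warns that rotated capture files will fill the disk unless size limits are enforced. The script below is an added example, not code from the Snort package or from bmeeks: it shows what such a size budget looks like for the rotated files the post describes (snort.log.<unix-timestamp> in an interface's logging subdirectory), deleting the oldest rotated captures until the set fits under a byte limit while leaving the active snort.log alone. The directory, the byte limit and the use of wc/sort in POSIX sh are assumptions of the example; the package's own LOGS MGMT tab implements this in the GUI, and this is only a stand-alone illustration of the retention step.

```shell
#!/bin/sh
# Added example (not part of the Snort package): keep the rotated
# tcpdump-format captures snort.log.<timestamp> in one interface's log
# directory within a byte budget. The active capture file snort.log is
# never removed. Assumes POSIX sh with wc and sort (FreeBSD or Linux).

# file_size PATH -> size in bytes. wc -c on stdin behaves the same on
# FreeBSD and Linux, unlike stat(1), whose flags differ between the two.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# rotated_total DIR -> total bytes used by snort.log.<timestamp> files in DIR
rotated_total() {
    total=0
    for f in "$1"/snort.log.[0-9]*; do
        if [ -f "$f" ]; then
            total=$((total + $(file_size "$f")))
        fi
    done
    echo "$total"
}

# prune_rotated_captures DIR MAX_BYTES
# Deletes rotated captures oldest-first (lowest UNIX timestamp suffix) until
# the rotated set is at or below MAX_BYTES. Prints the number of files removed.
prune_rotated_captures() {
    dir=$1
    max=$2
    removed=0
    current=$(rotated_total "$dir")
    # Collect the numeric suffixes and sort them so the oldest capture comes
    # first; the suffix is rebuilt into a path below, so no paths are split.
    for ts in $(for f in "$dir"/snort.log.[0-9]*; do
                    if [ -f "$f" ]; then printf '%s\n' "${f##*.}"; fi
                done | sort -n); do
        [ "$current" -gt "$max" ] || break
        path="$dir/snort.log.$ts"
        size=$(file_size "$path")
        rm -f "$path"
        current=$((current - size))
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Usage (interface directory name is a placeholder):
#   prune_rotated_captures /var/log/snort/snort_IFACE_PLACEHOLDER 104857600
```

Run it from a periodic job against each interface's logging subdirectory with a limit sized for the hardware; the loop stops as soon as the rotated set fits, so it deletes no more history than the budget requires.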