Important Notice for Suricata Package Users!
bmeeks last edited by bmeeks
Attention Suricata Package Users:
Sometime in the next few days an update for Suricata v5.0.3 will appear in the pfSense-2.5 DEVEL branch for AMD64 and ARM 64-bit hardware. This update includes support for the Suricata 5.0.3 binary. It also includes several new EVE logging options and a number of bug fixes.
One very big change is the removal of Barnyard2 support as mentioned in earlier posts this year. Barnyard2 is no longer actively maintained in the FreeBSD ports tree, and as a result is dependent on a very old and end-of-life version of the MySQL database library with unpatched security vulnerabilities. The upstream Suricata developers are also removing the ability of Suricata to generate the Unified2 binary logging format files that Barnyard2 needed. So all in all, it is time for Barnyard2 to go.
To ensure the Barnyard2 binary and the old MySQL libraries are removed from your firewall, I suggest following these steps when the new package is released.
- Go to the GLOBAL SETTINGS page and scroll down to General Settings near the bottom. Make sure the box to retain settings is checked. By default this box is checked.
- Now go to the SYSTEM > PACKAGE MANAGER menu and on the Installed Packages tab click the trash icon to delete the currently installed Suricata package. You will not lose any configuration settings. They will be maintained and applied again in the next step. Confirm the package removal and let the process complete.
- Now click on the Available Packages tab, locate Suricata in the list, and click Install. Let the installation complete. Wait for the green success bar! It will take some time, especially if you have Snort rules enabled in your configuration.