Snort 2.8.4.1_1 pkg v. 1.6 RC4 So Far So Good



  • Very happy with 1.6 RC4  ;D

    Installed the Snort 2.8.4.1_1 pkg v. 1.6 RC4 on the production pfsense box yesterday to try the loading and blocking test. At first I got confused about whether I was required to remove the original Snort packages and then install the Snort-dev packages, or to run both together.  ???

    In the end, I got Snort-dev only running perfectly.

    It is now over 24 hours and I have not received any complaint phone calls from users and clients. The blocking and alerts work well. The "Blocking Tab" is now much faster at displaying all the blocked IPs (around 4 to 5 seconds). This is really a major improvement. The "Remove blocked hosts time" of one hour works well.  ;)

    The disable feature on the Categories rules is now working perfectly; I no longer need to double-check whether all the rules I last disabled have become activated again after each Snort Rules update.  :D

    Overall performance: Snort-Dev 1.6 RC4 has so far performed great during the last 24 hours.

    Once again, I very much appreciate all the work done by the Pfsense team and the great work from JamesDean.

    Best Regards,

    Davc





  • Great, I already installed it too … one question: is there any way to send a message to the Snort-blocked offenders automatically? Thanks!



  • Oh… the "Update rules automatically" that I set to every 6 hours is only able to update the rules, without the capability to restart the Snort packages.  :-\



  • @jchuerta:

    Great, I already installed it too … one question: is there any way to send a message to the Snort-blocked offenders automatically? Thanks!

    Why would you want to send messages to the offenders?
    The offender is usually outside your LAN.



  • Thanks Davc..

    I'm updating the download rules code to restart Snort if it's running.

    Hugovsky

    I'm on it.
    Reload of Snort when a new IP is seen.

    jchuerta

    Not going to happen…



  • I can only see this snort-dev package. Using pfsense 1.2.2

    "Stable
    2.8.4.1_2 RC5
    platform: 1.2.2"

    Do I need 1.2.3 RC3 (or whichever) to see the snort dev 1.6 RC4?



  • @Hostmaster:

    I can only see this snort-dev package. Using pfsense 1.2.2

    "Stable
    2.8.4.1_2 RC5
    platform: 1.2.2"

    Do I need 1.2.3 RC3 (or whichever) to see the snort dev 1.6 RC4?

    lol

    Just install RC5.

    James

