Snort-dev has been released. Old snort has been renamed snort-old
-
1; IE 8 stalls when downloading rules.
More feedback - my IE8 D/L issue might be isolated. I had another setup successfully work controlled by IE8.
-
Thanks for all your help JamesDean! I will say that I am still having Snort issues, but I'm going to have to do another clean 1.2.3 install and see what happens. I've loved using Snort, so I hope I can continue to.
-
Sweet! Thanks for all the great work on this package! I just installed the new version, however I don't see where you can add additional config options. It used to have a GUI section for custom options that would add <configpassthru> and <snortbarnyardlog_database>.
LiGHT
-
Humm… I'm also missing the rule editor. Is this in the new version as well? Perhaps my install went bad at some point.
LiGHT
-
Never mind my previous posts, I went into my /cf/conf/config.xml and removed all traces of the snort package, reinstalled and everything is looking NICE! Good job on this package folks!
LiGHT
-
Bad day so far. I thought this would be easy install from the last dev to the release. I uninstalled the last dev release and rebooted (I always like a clean boot). Then pfsense (1.2.3) failed to respond. I am guessing squid/squidguard, although I did notice the webconfigurator failed to start.
I could not browse into the pfsense box, but I could ssh in.
I needed it back in a hurry and after 30 minutes I could not figure it out. So fresh install and restore and I am back up and running. Maybe the next machine I'll skip the reboot process :)
Just my warning….
-
tester_02
It might've been easier to just reinstall the upgrade from ssh so you didn't have to reconfigure. This happened to me a little bit ago, but wasn't snort related.
-J
-
I remember some posts on how to do it, but I could not get on the net easily and browse here to find the commands to do it. It was easier to install and import config than to get on the net to find out how. freebsd newb here.
Got a new reinstall down to 1/2 hour with everything back to normal. Good thing I've remembered to export any changes :)
-
Hi JamesDean,
I just did an upgrade from what was "old-Snort" to the latest version.
Somewhere during the upgrade I got this error:
Fatal error: Cannot redeclare sync_package_snort_reinstall() (previously declared in /usr/local/pkg/snort.inc:46) in /usr/local/pkg/snort/snort.inc on line 323
The upgrade froze, so I did the upgrade again and it seemed to install ok.
I need to re-set up Snort at this point, so I do not have any useful feedback yet.
But I do have a GUI issue. See screenshot.
Thanks for your help.
Running PF 1.2.3 FULL
Tested on FF3.6.2 and IE 8
![4-1-2010 10-11-57 PM.png](/public/imported_attachments/1/4-1-2010 10-11-57 PM.png)
![4-1-2010 10-12-57 PM.png](/public/imported_attachments/1/4-1-2010 10-12-57 PM.png)
-
Just tried to run the update manually and it seems to be stuck on the clean up process.
When checking the logs, I see this twice:
snort[45846]: Could not remove pid file /var/run//snort_em19121_em1.pid: Permission denied
I'm guessing this has something to do with the snort account permissions on the files/folder? Unfortunately, I'm still fairly new to using the CLI on FreeBSD and Linux, etc. and not sure how to fix this.
-
Bad day so far. I thought this would be easy install from the last dev to the release. I uninstalled the last dev release and rebooted (I always like a clean boot). Then pfsense (1.2.3) failed to respond. I am guessing squid/squidguard, although I did notice the webconfigurator failed to start.
I could not browse into the pfsense box, but I could ssh in.
I needed it back in a hurry and after 30 minutes I could not figure it out. So fresh install and restore and I am back up and running. Maybe the next machine I'll skip the reboot process :)
Just my warning….
I have the same problem!! Fresh install :)
-
Just tried to run the update manually and it seems to be stuck on the clean up process.
When checking the logs, I see this twice:
snort[45846]: Could not remove pid file /var/run//snort_em19121_em1.pid: Permission denied
I'm guessing this has something to do with the snort account permissions on the files/folder? Unfortunately, I'm still fairly new to using the CLI on FreeBSD and Linux, etc. and not sure how to fix this.
On low end systems cleanup may take a few minutes.
"snort_em19121_em1.pid" has nothing to do with updates.
I'll review the code but it's working for me on firefox.
Maybe it's an IE thing I have to work out.
Are you on nanobsd?
What browser and pfsense version are you using?
james
-
Bad day so far. I thought this would be easy install from the last dev to the release. I uninstalled the last dev release and rebooted (I always like a clean boot). Then pfsense (1.2.3) failed to respond. I am guessing squid/squidguard, although I did notice the webconfigurator failed to start.
I could not browse into the pfsense box, but I could ssh in.
I needed it back in a hurry and after 30 minutes I could not figure it out. So fresh install and restore and I am back up and running. Maybe the next machine I'll skip the reboot process :)
Just my warning….
I have the same problem!! Fresh install :)
I think I know what's wrong. I am uninstalling mysql and perl. I'll fix it in a bit.
James
-
Anyone else missing the rules category Tab?…...All other Tabs are there including rules update and downloaded rules went ok.
Ver. 2.8.5.3 pkg v. 1.19
-
Anyone else missing the rules category Tab?…...All other Tabs are there including rules update and downloaded rules went ok.
Ver. 2.8.5.3 pkg v. 1.19
This is the first time I am using the new package, so I am not sure if it should be somewhere else…
But I do have a category tab on the interface
-
Anyone else missing the rules category Tab?…...All other Tabs are there including rules update and downloaded rules went ok.
Ver. 2.8.5.3 pkg v. 1.19
This is the first time I am using the new package, so I am not sure if it should be somewhere else…
But I do have a category tab on the interface
@anyone having troubles with the new package
Tracked the problems to the old-snort.
Seems old-snort is not uninstalling completely and is conflicting with the new install.
Do a fresh install, sorry I didn't see this coming.
James
-
RE:
On low end systems cleanup may take a few minutes.
"snort_em19121_em1.pid" has nothing to do with updates.
I'll review the code but it's working for me on firefox.
Maybe it's an IE thing I have to work out.
Are you on nanobsd?
What browser and pfsense version are you using?
james
It's not a low end system, quad core, 4gb, etc. I'm using the latest version firefox (although I might've been on my mac at the time) with 1.2.3-RELEASE (not nanobsd). I refreshed the browser and everything looks ok. Restarted snort and it came up ok. Looks like it's running ok, so probably nothing.
-
I found two issues after performing a fresh install of 1.2.3-Release. First logging to mysql database does not look to be functioning properly. The configuration looks to be going into place but I never see any connection attempts to the mysql server.
Syslog output from barnyard2:
resistance.quantum.local daemon 10:42:27 barnyard2 barnyard2[41812]: database: host = 10.1.1.5
resistance.quantum.local daemon 10:42:27 barnyard2 barnyard2[41812]: database: host = 10.1.1.5
resistance.quantum.local daemon 10:42:27 barnyard2 barnyard2[41812]: ===============================================================================
resistance.quantum.local daemon 10:42:27 barnyard2 barnyard2[41812]: ===============================================================================
resistance.quantum.local daemon 10:42:27 barnyard2 barnyard2[41812]: database: user = snort
resistance.quantum.local daemon 10:42:27 barnyard2 barnyard2[41812]: database: user = snort
resistance.quantum.local daemon 10:42:27 barnyard2 barnyard2[41812]: Record Totals:
resistance.quantum.local daemon 10:42:27 barnyard2 barnyard2[41812]: Record Totals:
resistance.quantum.local daemon 10:42:27 barnyard2 barnyard2[41812]: database: database name = snort
resistance.quantum.local daemon 10:42:27 barnyard2 barnyard2[41812]: database: database name = snort
I ran a TCPdump at the time of snort starting up and I see it make an initial connection to the mysql server. I took a look at the database and it updates its sensor name and interface info; however, when alerts are generated by snort there are no updates sent to the database.
Second, this is a minor issue, in the system.log everything from snort and barnyard2 is logging twice at startup, as you can see above. I think the old version may have done this too.
Another feature that I liked in the old version was the ability to add in custom commands. In my syslogs I liked snort alerts to show up as warnings, i.e. <configpassthru>output alert_syslog: log_warning</configpassthru> (by default they are sent as alert).
LiGHT
-
james when you have time,
I tried to define some servers and on saving I get the following error
snort release pf 2.0 April 3 windows 7 ff3.6.3
Warning: touch(): Unable to create file because No such file or directory in /usr/local/www/snort/snort_define_servers.php on line 215
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_define_servers.php:215) in /usr/local/www/snort/snort_define_servers.php on line 217
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_define_servers.php:215) in /usr/local/www/snort/snort_define_servers.php on line 218
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_define_servers.php:215) in /usr/local/www/snort/snort_define_servers.php on line 219
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_define_servers.php:215) in /usr/local/www/snort/snort_define_servers.php on line 220
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_define_servers.php:215) in /usr/local/www/snort/snort_define_servers.php on line 221
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/snort/snort_define_servers.php:215) in /usr/local/www/snort/snort_define_servers.php on line 224
-
@anyone having troubles with the new package
Tracked the problems to the old-snort.
Seems old-snort is not uninstalling completely and is conflicting with the new install.
Do a fresh install, sorry I didn't see this coming.
James
Hi and thanks for your great work with Snort.
Is there any way of doing this without doing a full fresh install of Pfsense? I am using 1.2.3 release of Pfsense, and stuck with Snort 2.8.4.1_5 pkg v. 1.7. The new version just won't start (conflicting with the old-snort leftovers).