2.0 RC1 - SNORT Rules
-
First things first…
Name pfsense.localdomain
Version 2.0-RC1 (i386)
built on Fri Apr 1 21:22:49 EDT 2011
You are on the latest version.
I installed SNORT via the package and entered my OinkCode. Assigned WAN to SNORT and started it. I then went to Updates and forced an update. When I go to Services --> Snort --> Updates, this is what I see:
INSTALLED SIGNATURE RULESET
SNORT.ORG >>> N/A
EMERGINGTHREATS.NET >>> N/A
PFSENSE.ORG >>> 102
Should there be some kind of version listed for SNORT.ORG?
TIA,
John
-
I can also confirm this on:
2.0-RC1 (i386)
built on Sat Feb 26 16:33:51 EST 2011
-
I just tried to force another update…same result.
I am seeing the following in the system log but I am not sure if it is important:
Apr 2 16:13:22 SnortStartup[43509]: Snort HARD Reload For 19427_bge0…
Apr 2 16:13:22 snort[43237]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge019427.pid" for PID "43237"
Apr 2 16:13:22 snort[43237]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge019427.pid" for PID "43237"
Apr 2 16:13:22 snort[43237]: PID path stat checked out ok, PID path set to /var/log/snort/run
Apr 2 16:13:22 snort[43237]: PID path stat checked out ok, PID path set to /var/log/snort/run
Apr 2 16:13:22 snort[43237]: Checking PID path…
Apr 2 16:13:22 snort[43237]: Checking PID path…
Apr 2 16:13:22 snort[43237]: Daemon initialized, signaled parent pid: 42837
Apr 2 16:13:22 snort[43237]: Daemon initialized, signaled parent pid: 42837
Apr 2 16:13:22 snort[42837]: Daemon parent exiting
Apr 2 16:13:22 snort[42837]: Daemon parent exiting
Apr 2 16:13:22 snort[42837]: Initializing daemon mode
Apr 2 16:13:22 snort[42837]: Initializing daemon mode
Apr 2 16:13:22 snort[42837]: Initializing Network Interface bge0
Apr 2 16:13:22 snort[42837]: Initializing Network Interface bge0
Apr 2 16:13:22 snort[42837]: Verifying Preprocessor Configurations!
Apr 2 16:13:22 snort[42837]: Verifying Preprocessor Configurations!
Apr 2 16:13:22 snort[42837]: Rule application order: activation->dynamic->pass->drop->alert->log
Apr 2 16:13:22 snort[42837]: Rule application order: activation->dynamic->pass->drop->alert->log
-
Looks like I got an update overnight:
SNORT.ORG >>> "4e65d3dfa6cf8f804d053d7fa0c44c2e"
EMERGINGTHREATS.NET >>> N/A
PFSENSE.ORG >>> 102
John
-
Same here. Seems like the Oink/Snort db service was offline etc. when I tried to connect. Last night mine updated as well.
Now the big question becomes - how many of those rules to turn on? :)
Dayblade