Snort on 2.1 dev ??
-
this may work… install the package, log into the box via ssh. run
pkg_add -f http://files.pfsense.com/packages/8/All/snort-2.9.0.5_1.tbz
go to the gui, update rules and see if it starts... make sure all the preprocessors are checked.
How is this going to affect future updates, both of the packages and/or the OS or snort?
you would have to reapply it… i'm hoping once 2.1 is released, that snort will also be updated.
-
iirc a few months ago there was a monetary donation earmarked specifically for Snort, to finally integrate it with pf (ala spoink, snort2c, SnortSam etc). Perhaps do a new round of "crowdfunding" to finally get this done?
-
i remember donating for that… not sure what is left from the pool... but if I was PMing pfSense, i would want to get 2.1 released first...
-
There is something interesting: the snort package provided by 8.3 free is older than older freebsd version stable version 2.9.2.3
What do you get when you type /usr/local/etc/rc.d/snort start? Can you post the output?
When I type snort start
Initializing Output Plugins!
Snort BPF option: start
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "bge0".
ERROR: Can't set DAQ BPF filter to 'start' (pcap_daq_set_filter: pcap_compile: syntax error)!
Fatal Error, Quitting..
Is pfsense 2.1 built on old packages? It seems that when I try to install something on pfsense it states that it needs newer packages.
-
pkg_add -f http://files.pfsense.com/packages/8/All/snort-2.9.0.5_1.tbz
This does not work. It installs via ssh but nothing shows up in GUI.
-
install the pfsense snort package first via the gui… then drop down to ssh and run the above command
this will overwrite the binaries that were installed from the pfsense snort package
-
Tried that too. Via SSH it downloads the package but does not install it.
-
you're killing me… Can you post what you're seeing? from when you press enter to where it fails to install
-
Similar issue here:
First had the regular package installed. I could update rules, etc. but snort would never run, Dashboard always shows snort as stopped.
Same thing after the pkg_add procedure.
-
I believe the problem lies in the fact that the gui does not create a proper list of rules that need to be loaded.
I don't know if the gui should store stuff in a database or create a file with rules.
I can start snort by typing snort using ssh but trying to start snort with config files as it does not know what rules to load.