Snort 2.9.2.3 pkg v. 2.4.1 Issues

mschiek01

Latest update will not start SSL ports are defined

Jul 11 22:07:25 snort[51882]: FATAL ERROR: /usr/local/etc/snort/snort_24899_em1/snort.conf(55) Missing argument to SSL_PORTS_IGNORE
Jul 11 22:07:25 snort[51882]: FATAL ERROR: /usr/local/etc/snort/snort_24899_em1/snort.conf(55) Missing argument to SSL_PORTS_IGNORE
Jul 11 22:07:25 snort[51882]:
Jul 11 22:07:25 snort[51882]:
Jul 11 22:07:25 snort[51882]: [ 443 465 563 636 987 989:990 992:995 3389 ]
Jul 11 22:07:25 snort[51882]: [ 443 465 563 636 987 989:990 992:995 3389 ]
Jul 11 22:07:25 snort[51882]: PortVar 'SSL_PORTS' defined :
Jul 11 22:07:25 snort[51882]: PortVar 'SSL_PORTS' defined :

chowtamah

Snort 2.9.2.3 pkg v. 2.4.1

Started without problem.

Thanks for the fantastic design of Categories page. :-*

AhnHEL

@mschiek01:

Latest update will not start SSL ports are defined

Jul 11 22:07:25 snort[51882]: FATAL ERROR: /usr/local/etc/snort/snort_24899_em1/snort.conf(55) Missing argument to SSL_PORTS_IGNORE
Jul 11 22:07:25 snort[51882]: FATAL ERROR: /usr/local/etc/snort/snort_24899_em1/snort.conf(55) Missing argument to SSL_PORTS_IGNORE
Jul 11 22:07:25 snort[51882]:
Jul 11 22:07:25 snort[51882]:
Jul 11 22:07:25 snort[51882]: [ 443 465 563 636 987 989:990 992:995 3389 ]
Jul 11 22:07:25 snort[51882]: [ 443 465 563 636 987 989:990 992:995 3389 ]
Jul 11 22:07:25 snort[51882]: PortVar 'SSL_PORTS' defined :
Jul 11 22:07:25 snort[51882]: PortVar 'SSL_PORTS' defined :

If you go into your Preprocessor Tab and put a comma in between each port for the Define SSL_IGNORE, then Snort will start successfully.  Instructions on that tab state use spaces and not commas but apparently that isn't the case anymore.

digdug3

The font size in the supression list is still to small.

please change /themes/pfsense_ng/all.css:
.formpre {
    font-family: Courier New,Courier,monospaced;
    font-size: 10px;
}

to:
.formpre {
    font-family: Courier New,Courier,monospaced;
    font-size: 12px;
}

judex

I also say a big thanks for all of you putting efforts into making this package stable again. Basically it runs very well on my system the last days.
Also the new categories interface looks much better.

Only thing I am missing on categories page is my local ruleset which is named "my.rules". Are local categories expected to have a special naming?
Anyway, it is still possible to select this local category on rules page, where it shows up as selected and active. So it is not a big issue.

Thx again and have a nice day!

Greets, Judex

judex

Update: 2.4.1 does no alerting on my system (2.0.1, amd64) also.  :-
There seems to be no improvement from 2.4.0

fragged

I got Snort 2.4.2 working after I used pkg_delete to remove few of the Snort dependencies which were missing files and now Snort blocks my LAN machines which it didn't do before. I should have the same settings as before.. Whats going on? :)

Edit:
Actually.. it blocks my WAN address, even that should be whitelisted.

eri--

Reisntall to 2.4.2 and all should be ok.