Snort 2.9.5.5 pkg v3.0.1 Update – Minor bug fixes
-
Snort 2.9.5.5 pkg v3.0.1
Change LogThis Snort package update is a minor bug fix release only. No new features are added.
Bug Fixes
-
Removed dependence on session variables in the Alias selection code associated with multi-engine configurations on the PREPROCESSORS tab. Also changed the way the referrer was transferred to the Alias selection page. This should fix issues on some browsers when returning to the original calling page with selected aliases.
-
Ensure reasonable defaults are set for the new SDF (Sensitive Data) preprocessor options introduced in version 3.0.0 of the package. Formerly, if the new values were not set and users had the SDF preprocessor enabled, Snort would error out on startup.
-
Updated the valid FTP server commands in the snort.conf file to match the latest defaults posted at http://www.snort.org/vrt/snort-conf-configurations/. Also added the MFMT command as a valid FTP command per user request.
Bill
-
-
Umm.. After the 3.0.0 update I now see "snort" as installed package with no version information and "Snort" as an available package with version 3.0.1? How do I get the package manager to see that I do indeed have Snort 3.0.0 installed right now?
-
Umm.. After the 3.0.0 update I now see "snort" as installed package with no version information and "Snort" as an available package with version 3.0.1? How do I get the package manager to see that I do indeed have Snort 3.0.0 installed right now?
Yeah, this will be fixed in a moment I hope. I used "Snort" in the package name instead of "snort" with lowercase. I've posted the fix and am waiting for one of the Core Team guys to quickly merge it.
For now I will remove the update notice and repost when the fix is posted.
Sorry,
Bill -
Works now :)
-
-
It also looks like my Snort interfaces now start much faster?!
-
It also looks like my Snort interfaces now start much faster?!
That could be a 2.9.5.5 Snort binary benefit. There is really nothing that changed in the GUI code that should impact that. I noticed that my interfaces also seem to start faster. Of course I also recently updated my hardware from an Atom to an Intel i3 3.3 GHz processor, so that may also have a lot to do with it on my end.
Bill
-
Hi,
when installing this package I get this error:
snort[44829]: FATAL ERROR: The dynamic detection library "/usr/pbi/snort-amd64/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so" version 1.0 compiled with dynamic engine library version 1.0 isn't compatible with the current dynamic engine library "/usr/pbi/snort-amd64/lib/snort/dynamicengine/libsf_engine.so" version 1.17.
I have tried to uninstall, reboot and install several times with no luck.
-
Hi,
when installing this package I get this error:
snort[44829]: FATAL ERROR: The dynamic detection library "/usr/pbi/snort-amd64/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so" version 1.0 compiled with dynamic engine library version 1.0 isn't compatible with the current dynamic engine library "/usr/pbi/snort-amd64/lib/snort/dynamicengine/libsf_engine.so" version 1.17.
I have tried to uninstall, reboot and install several times with no luck.
This generally indicates an old copy of the shared object rules around someplace. I'm surprised because this shouldn't happen on 2.1 pfSense with PBI. Tell me if this was originally a 2.0.x box upgraded to 2.1.
As for the fix, try these steps.
-
Remove the Snort package by clicking the X icon beside the Snort package on the Installed Packages tab.
-
When the package deletion completes, open a console session to the firewall and exit to the shell prompt. Type the command rm -rf /usr/local/lib/snort
-
Now install Snort again by going to Available Packages and choosing it.
If you still have trouble, then gather some troubleshooting information for me. From a console session, issue the command:
snort -Vand tell me what version it prints.
Bill
-
-
Snort Alerts list doesn't show entries from 1.1.2014 at the top. When clicking on the Date column to sort by date, the alerts from today show up at the top again. Bug or by design?
-
It does here on all firewalls. (show entries from 01/01/14)
Running 2.0.3 with the latest Snort.
-
Same here "fragged" on 2.1 x64. I'm sure within the next day all will be fine.
-
On a closer look no matter how I arrange by date, it's always backwards for 2014 vs 2013. Must be a bug in the sorting piece of code or something.
-
… and the problem flows through to the Dashboard Widget, resulting in the most current alerts not being displayed.
-
As said….not an issue on 2.0.3 for me.
-
On a closer look no matter how I arrange by date, it's always backwards for 2014 vs 2013. Must be a bug in the sorting piece of code or something.
I checked on my production firewall and indeed the default sort appears to be putting the December 31, 2013 events above the January 2014 events. However, you can click the DATE column header on the Alerts tab and sort the alerts so the January 01, 2014 events are at the top. See the screenshot below showing the sorted list. This is from a 2.1-RELEASE pfSense firewall.
Bill
-
On 2.0.3 it seems fine Bill.
-
On 2.0.3 it seems fine Bill.
OK. I just edited/replaced my original reply above with updated info. I will check the Dashboard Widget next on 2.1.
Bill
-
OK, found a "sort of fix" for the Snort Alerts Dashboard Widget. It keys off the "sort setting" for the System Log. If you have your system log entries displaying in reverse order, then the Snort Alerts Widget sorts the same way. If you toggle System Log entries to display in "normal order", then the Snort Alerts Widget sorts correctly.
The problem here is, I think, in the sorting logic of the System Log. When toggled to display in "reverse" (that is, newest entries displayed first), it sorts the leading zero improperly in the timestamp. The same problem is copied over into the Snort Widget code by the original author.
Bill
-
The log in Snort on the alerts table has the problem even on 2.0.3.
The widget doesnt.
