Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort 2.9.5.5 pkg v3.0.2 Update Released – Bug fixes only

    pfSense Packages
    4
    9
    2552
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bmeeks
      bmeeks last edited by

      An update to the Snort package has been released.  This is a bug-fix update only. No new features are introduced. The Snort binary version remains at 2.9.5.5, but the GUI package version is now v3.0.2.

      The following issues are addressed in this update.

      • IPv6 gateway on WAN interface not included in automatic whitelist when IPv6 is enabled.

      • Snort Alert Log directory size limit not being enforced when enabled on the Global Settings tab. This resulted in the logging directories for Snort continuing to grow even when auto-pruning was enabled. This was a problem mainly for installations using CF cards as it could eventually cause the /var volume to fill to 100%.

      • Alert Log entries on the Alerts tab not sorting correctly during transition to a new year. The sort was by month without accounting for the year. This resulted in alerts from 12/31/2013 showing as more recent than alerts from 01/01/14, for example, when sorted in descending order because 12 would come before 01 when sorted descending.

      • In some instances CF card installations would log "file system is currently mounted read-only" errors when writing a new configuration file. The code was neglecting to remount the file system read-write prior to writing an updated configuration file.

      Bill

      1 Reply Last reply Reply Quote 0
      • C
        ccb056 last edited by

        Successful install here.  Also, that memory leak we talked about seems to have cleared itself up.

        Its great to see these frequent updates, keep up the good work!

        1 Reply Last reply Reply Quote 0
        • bmeeks
          bmeeks last edited by

          @ccb056:

          Successful install here.  Also, that memory leak we talked about seems to have cleared itself up.

          Its great to see these frequent updates, keep up the good work!

          Thank you.  On deck is an update to 2.9.5.6 of the Snort binary and barnyard2.1.3.  Hope to get those out soon.

          Bill

          1 Reply Last reply Reply Quote 0
          • P
            Phyt last edited by

            Hi thanks for keeping snort up2date :).

            I reinstalled the package (to update from previous version to this one).
            But now my paid VRT subscription doesnt work anymore.
            The Oinkcode is filled in, but it doesnt show on the Update tab, so when i hit update it gives a 403 error.

            I reinstalled the package, i reinstalled the package without previous settings so a clear config, still not working.
            It was working good with the previous version.

            snort version: 2.9.5.5 pkg v3.0.2
            pfsense version: 2.1-RELEASE (amd64)
            built on Wed Sep 11 18:17:37 EDT 2013
            FreeBSD 8.3-RELEASE-p11

            regards,

            Phyt

            1 Reply Last reply Reply Quote 0
            • bmeeks
              bmeeks last edited by

              @Phyt:

              Hi thanks for keeping snort up2date :).

              I reinstalled the package (to update from previous version to this one).
              But now my paid VRT subscription doesnt work anymore.
              The Oinkcode is filled in, but it doesnt show on the Update tab, so when i hit update it gives a 403 error.

              I reinstalled the package, i reinstalled the package without previous settings so a clear config, still not working.
              It was working good with the previous version.

              snort version: 2.9.5.5 pkg v3.0.2
              pfsense version: 2.1-RELEASE (amd64)
              built on Wed Sep 11 18:17:37 EDT 2013
              FreeBSD 8.3-RELEASE-p11

              regards,

              Phyt

              Well, I hate to offer what may be the obvious as advice, but have you verified that your subscription has not expired?  Can you login directly to the Snort VRT site and download the subscription rules (not the older free ones) with your code?  There is also a link that will show you when your code expires.

              Your Oinkcode will not show on the Updates tab (and never has).  I'm not sure what you mean there.

              You should only enter the Oinkcode itself in the box on the Global Settings tab.  DO NOT enter the entire URL, Snort handles that part behind the scenes.  I mention this because in the past some folks thought they were supposed to type the whole URL into the textbox.

              And one last point…from time to time the Snort VRT does appear to go offline.  I would frequently get 403 errors and other connection problems around midnight U.S. Eastern Time with my auto-update jobs.  I rescheduled them to 01:30 instead, and things are better.

              Bill

              1 Reply Last reply Reply Quote 0
              • P
                Phyt last edited by

                Hi Thanks for your reply, but none of those applied for me I didnt write it down since I thought it was to obvious ;).

                Well I left pfsense / snort alone since yesterday reinstall, and it is working now.

                what i mean with oinkcode on the update tab is this:

                SNORT VRT RULES  –>  3ed..........

                and this wasnt updated yesterday, so it stayed at : SNORT VRT RULES  --> N/A, and yes i did insert my oinkcode, since it is working now again :).
                So don't know what happend but I am glad it is working now :).

                thanks for helping out, and can't wait for the next update :).

                cheers

                1 Reply Last reply Reply Quote 0
                • bmeeks
                  bmeeks last edited by

                  @Phyt:

                  Hi Thanks for your reply, but none of those applied for me I didnt write it down since I thought it was to obvious ;).

                  Well I left pfsense / snort alone since yesterday reinstall, and it is working now.

                  what i mean with oinkcode on the update tab is this:

                  SNORT VRT RULES  –>  3ed..........

                  and this wasnt updated yesterday, so it stayed at : SNORT VRT RULES  --> N/A, and yes i did insert my oinkcode, since it is working now again :).
                  So don't know what happend but I am glad it is working now :).

                  thanks for helping out, and can't wait for the next update :).

                  cheers

                  You probably just got unlucky and hit an interval where the Snort VRT rules site was down.  I've seen that happen before.  Everybody, even the Snort guys, can lose their Internet connection now and then… ;)

                  I see now what you were talking about on the Updates tab.  That is actually the MD5 hash of the currently downloaded and installed rules file.  It's the same value you would see on the Snort VRT site if you download the small MD5 hash file there (assuming your rules are "current" at the time).

                  Bill

                  1 Reply Last reply Reply Quote 0
                  • H
                    humps last edited by

                    Thanks for the updates and bugfixes, will update snort later and see how it goes
                    Keep up the Good Work!

                    1 Reply Last reply Reply Quote 0
                    • C
                      ccb056 last edited by

                      I noticed I was also getting update errors at some times during the day.

                      I changed the 'Update Start Time' parameter to a non-standard value and it fixed the problems.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post

                      Products

                      • Platform Overview
                      • TNSR
                      • pfSense Plus
                      • Appliances

                      Services

                      • Training
                      • Professional Services

                      Support

                      • Subscription Plans
                      • Contact Support
                      • Product Lifecycle
                      • Documentation

                      News

                      • Media Coverage
                      • Press
                      • Events

                      Resources

                      • Blog
                      • FAQ
                      • Find a Partner
                      • Resource Library
                      • Security Information

                      Company

                      • About Us
                      • Careers
                      • Partners
                      • Contact Us
                      • Legal
                      Our Mission

                      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                      Subscribe to our Newsletter

                      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                      © 2021 Rubicon Communications, LLC | Privacy Policy