Snort 2.9.5.5 pkg v3.0.2 Update Released – Bug fixes only



  • An update to the Snort package has been released.  This is a bug-fix update only. No new features are introduced. The Snort binary version remains at 2.9.5.5, but the GUI package version is now v3.0.2.

    The following issues are addressed in this update.

    • IPv6 gateway on WAN interface not included in automatic whitelist when IPv6 is enabled.

    • Snort Alert Log directory size limit not being enforced when enabled on the Global Settings tab. This resulted in the logging directories for Snort continuing to grow even when auto-pruning was enabled. This was a problem mainly for installations using CF cards as it could eventually cause the /var volume to fill to 100%.

    • Alert Log entries on the Alerts tab not sorting correctly during transition to a new year. The sort was by month without accounting for the year. This resulted in alerts from 12/31/2013 showing as more recent than alerts from 01/01/14, for example, when sorted in descending order because 12 would come before 01 when sorted descending.

    • In some instances CF card installations would log "file system is currently mounted read-only" errors when writing a new configuration file. The code was neglecting to remount the file system read-write prior to writing an updated configuration file.

    Bill
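The year-boundary sort problem described in the post above, reproduced as an added example (not the package's own code). The alert entries are constructed, and the `MM/DD/YY-HH:MM:SS.usec` timestamp layout is an assumption.

```python
from datetime import datetime

# Constructed alert entries (timestamp, message); the MM/DD/YY-HH:MM:SS.usec
# layout is an assumption about the log format, not taken from the post.
SAMPLE_ALERTS = [
    ("12/31/13-23:59:58.104233", "alert A"),
    ("01/01/14-00:00:03.552901", "alert B"),
    ("12/30/13-14:22:10.000417", "alert C"),
    ("01/01/14-06:45:31.908812", "alert D"),
]

TS_FORMAT = "%m/%d/%y-%H:%M:%S.%f"


def parse_ts(ts):
    """Parse one alert timestamp into a datetime (two-digit year -> 20xx)."""
    return datetime.strptime(ts, TS_FORMAT)


def newest_first_month_only(alerts):
    """The behaviour described in the post: the year is left out of the key."""
    def key(alert):
        dt = parse_ts(alert[0])
        return (dt.month, dt.day, dt.time())
    return sorted(alerts, key=key, reverse=True)


def newest_first_full(alerts):
    """Corrected ordering: compare the complete timestamp, year included."""
    return sorted(alerts, key=lambda alert: parse_ts(alert[0]), reverse=True)


def misplaced(alerts):
    """Entries whose position differs between the two orderings."""
    bad = newest_first_month_only(alerts)
    good = newest_first_full(alerts)
    return [b for b, g in zip(bad, good) if b != g]


if __name__ == "__main__":
    for label, rows in (("month-only", newest_first_month_only(SAMPLE_ALERTS)),
                        ("full date", newest_first_full(SAMPLE_ALERTS))):
        print(label, [msg for _, msg in rows])
```

With the month-only key, the December 2013 alerts are listed ahead of the January 2014 ones, so an analyst reading the top of the list misses the most recent activity.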



  • Successful install here.  Also, that memory leak we talked about seems to have cleared itself up.

    It's great to see these frequent updates, keep up the good work!



  • @ccb056:

    Successful install here.  Also, that memory leak we talked about seems to have cleared itself up.

    It's great to see these frequent updates, keep up the good work!

    Thank you.  On deck is an update to 2.9.5.6 of the Snort binary and barnyard2.1.3.  Hope to get those out soon.

    Bill



  • Hi thanks for keeping snort up2date :).

    I reinstalled the package (to update from previous version to this one).
    But now my paid VRT subscription doesn't work anymore.
    The Oinkcode is filled in, but it doesn't show on the Update tab, so when I hit update it gives a 403 error.

    I reinstalled the package, I reinstalled the package without previous settings so a clear config, still not working.
    It was working good with the previous version.

    snort version: 2.9.5.5 pkg v3.0.2
    pfsense version: 2.1-RELEASE (amd64)
    built on Wed Sep 11 18:17:37 EDT 2013
    FreeBSD 8.3-RELEASE-p11

    regards,

    Phyt



  • @Phyt:

    Hi thanks for keeping snort up2date :).

    I reinstalled the package (to update from previous version to this one).
    But now my paid VRT subscription doesn't work anymore.
    The Oinkcode is filled in, but it doesn't show on the Update tab, so when I hit update it gives a 403 error.

    I reinstalled the package, I reinstalled the package without previous settings so a clear config, still not working.
    It was working good with the previous version.

    snort version: 2.9.5.5 pkg v3.0.2
    pfsense version: 2.1-RELEASE (amd64)
    built on Wed Sep 11 18:17:37 EDT 2013
    FreeBSD 8.3-RELEASE-p11

    regards,

    Phyt

    Well, I hate to offer what may be the obvious as advice, but have you verified that your subscription has not expired?  Can you login directly to the Snort VRT site and download the subscription rules (not the older free ones) with your code?  There is also a link that will show you when your code expires.

    Your Oinkcode will not show on the Updates tab (and never has).  I'm not sure what you mean there.

    You should only enter the Oinkcode itself in the box on the Global Settings tab.  DO NOT enter the entire URL, Snort handles that part behind the scenes.  I mention this because in the past some folks thought they were supposed to type the whole URL into the textbox.

    And one last point…from time to time the Snort VRT does appear to go offline.  I would frequently get 403 errors and other connection problems around midnight U.S. Eastern Time with my auto-update jobs.  I rescheduled them to 01:30 instead, and things are better.

    Bill



  • Hi, thanks for your reply, but none of those applied for me. I didn't write it down since I thought it was too obvious ;).

    Well, I left pfsense / snort alone since yesterday's reinstall, and it is working now.

    What I mean with oinkcode on the update tab is this:

    SNORT VRT RULES  -->  3ed..........

    and this wasn't updated yesterday, so it stayed at : SNORT VRT RULES  --> N/A, and yes I did insert my oinkcode, since it is working now again :).
    So don't know what happened but I am glad it is working now :).

    thanks for helping out, and can't wait for the next update :).

    cheers



  • @Phyt:

    Hi, thanks for your reply, but none of those applied for me. I didn't write it down since I thought it was too obvious ;).

    Well, I left pfsense / snort alone since yesterday's reinstall, and it is working now.

    What I mean with oinkcode on the update tab is this:

    SNORT VRT RULES  -->  3ed..........

    and this wasn't updated yesterday, so it stayed at : SNORT VRT RULES  --> N/A, and yes I did insert my oinkcode, since it is working now again :).
    So don't know what happened but I am glad it is working now :).

    thanks for helping out, and can't wait for the next update :).

    cheers

    You probably just got unlucky and hit an interval where the Snort VRT rules site was down.  I've seen that happen before.  Everybody, even the Snort guys, can lose their Internet connection now and then… ;)

    I see now what you were talking about on the Updates tab.  That is actually the MD5 hash of the currently downloaded and installed rules file.  It's the same value you would see on the Snort VRT site if you download the small MD5 hash file there (assuming your rules are "current" at the time).

    Bill
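The comparison described in the reply above (installed rules file hash against the small published MD5 file), as an added example that is not the package's own code. The function names are hypothetical, and the published file is assumed to start with the 32-character hex digest.

```python
import hashlib
import re

HEX_MD5 = re.compile(r"[0-9a-fA-F]{32}")


def file_md5(path, chunk_size=65536):
    """MD5 of a file, read in chunks so a large rules archive is not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_published_md5(text):
    """Extract the digest from the downloaded hash file.

    Assumption: the first whitespace-separated token is the hex digest.
    Anything else (for example the body of a 403 error page saved in place
    of the hash file) is rejected instead of being compared as a hash.
    """
    tokens = text.split()
    if not tokens or not HEX_MD5.fullmatch(tokens[0]):
        raise ValueError("published MD5 file does not contain a hex digest")
    return tokens[0].lower()


def rules_are_current(rules_path, published_md5_text):
    """True when the local rules file matches the published digest."""
    return file_md5(rules_path) == parse_published_md5(published_md5_text)
```

A match means the installed file is the one currently published and was downloaded intact; MD5 is not collision-resistant, so treat it as a currency and corruption check rather than proof of authenticity.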



  • Thanks for the updates and bugfixes, will update snort later and see how it goes
    Keep up the Good Work!



  • I noticed I was also getting update errors at some times during the day.

    I changed the 'Update Start Time' parameter to a non-standard value and it fixed the problems.

