Netgate Discussion Forum

    Snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

    pfSense Packages
      zor1984

      snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

        bmeeks

        @zor1984:

        snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

        Yes.  That is on my radar for the package.  Will also try and implement the new OpenAppID stuff in the GUI.  Don't have an exact date in mind yet, but I will get to work on it very soon.

        Bill

          zor1984

          @bmeeks:

          @zor1984:

          snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

          Yes.  That is on my radar for the package.  Will also try and implement the new OpenAppID stuff in the GUI.  Don't have an exact date in mind yet, but I will get to work on it very soon.

          Bill

          Thank you!  ;D

            bmeeks

            I have successfully compiled a pfSense package for Snort 2.9.7.0 that includes both the new Open Application ID and File Inspect features.

            File Inspection identifies file types, inspects the contents, and can capture and store downloaded files either locally or can send them to a remote receiver on a different networked device.  That target device has to be running the Snort file_server application.

            Open Application ID (OpenAppID) is described and demonstrated in this VRT blog post:  http://blog.snort.org/2014/03/firing-up-openappid.html.  And here is a link to a collection of VRT blog articles about the new feature:  http://blog.snort.org/search/label/openappid.

            It will take me several days to add the additional code to the GUI for supporting these new features and then test it.  I will post an update once I have officially submitted the Pull Request for review.

            Bill

              zor1984

              @bmeeks:

              I have successfully compiled a pfSense package for Snort 2.9.7.0 that includes both the new Open Application ID and File Inspect features.

              File Inspection identifies file types, inspects the contents, and can capture and store downloaded files either locally or can send them to a remote receiver on a different networked device.  That target device has to be running the Snort file_server application.

              Open Application ID (OpenAppID) is described and demonstrated in this VRT blog post:  http://blog.snort.org/2014/03/firing-up-openappid.html.  And here is a link to a collection of VRT blog articles about the new feature:  http://blog.snort.org/search/label/openappid.

              It will take me several days to add the additional code to the GUI for supporting these new features and then test it.  I will post an update once I have officially submitted the Pull Request for review.

              Bill

              Thanks for your great work!  :-X

                bmeeks

                Well, some potentially bad news on the File Inspection feature.  It appears to be broken.  It is marked as "Experimental" in the README files included with the Snort source code.  I could not get it to detect even simple PDF files, and when it was enabled, Snort would die on every soft-restart command.  I have decided to pull this feature for now from the 2.9.7.0 update.

                I am now about to test out OpenAppID.  Hopefully it will work better …  :-\

                Bill

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.