    Netgate Discussion Forum

    Snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

    pfSense Packages
      zor1984 last edited by

      snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

        bmeeks last edited by

        @zor1984:

        snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

        Yes.  That is on my radar for the package.  Will also try and implement the new OpenAppID stuff in the GUI.  Don't have an exact date in mind yet, but I will get to work on it very soon.

        Bill

          zor1984 last edited by

          @bmeeks:

          @zor1984:

          snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

          Yes.  That is on my radar for the package.  Will also try and implement the new OpenAppID stuff in the GUI.  Don't have an exact date in mind yet, but I will get to work on it very soon.

          Bill

          Thank you!  ;D

            bmeeks last edited by

            I have successfully compiled a pfSense package for Snort 2.9.7.0 that includes both the new Open Application ID and File Inspect features.

            File Inspection identifies file types, inspects the contents, and can capture and store downloaded files either locally or can send them to a remote receiver on a different networked device.  That target device has to be running the Snort file_server application.

            Open Application ID (OpenAppID) is described and demonstrated in this VRT blog post:  http://blog.snort.org/2014/03/firing-up-openappid.html.  And here is a link to a collection of VRT blog articles about the new feature:  http://blog.snort.org/search/label/openappid.

            It will take me several days to add the additional code to the GUI for supporting these new features and then test it.  I will post an update once I have officially submitted the Pull Request for review.

            Bill

              zor1984 last edited by

              @bmeeks:

              I have successfully compiled a pfSense package for Snort 2.9.7.0 that includes both the new Open Application ID and File Inspect features.

              File Inspection identifies file types, inspects the contents, and can capture and store downloaded files either locally or can send them to a remote receiver on a different networked device.  That target device has to be running the Snort file_server application.

              Open Application ID (OpenAppID) is described and demonstrated in this VRT blog post:  http://blog.snort.org/2014/03/firing-up-openappid.html.  And here is a link to a collection of VRT blog articles about the new feature:  http://blog.snort.org/search/label/openappid.

              It will take me several days to add the additional code to the GUI for supporting these new features and then test it.  I will post an update once I have officially submitted the Pull Request for review.

              Bill

              Thanks for your great work!  :-X

                bmeeks last edited by

                Well, some potentially bad news on the File Inspection feature.  It appears to be broken.  It is marked as "Experimental" in the README files included with the Snort source code.  I could not get it to detect even simple PDF files, and when it was enabled, Snort would die on every soft-restart command.  I have decided to pull this feature for now from the 2.9.7.0 update.

                I am now about to test out OpenAppID.  Hopefully it will work better …  :-\

                Bill
