Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort XMLRPC Sync

    Scheduled Pinned Locked Moved IDS/IPS
    2 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest
      last edited by

      I'm using Snort on two pfSense HA firewalls (CARP) and sync the Snort config (Snort XMLRPC Sync) between them. Unfortunately it seems there is no indicator when the last sync happened, so there is no guarantee that both are in sync.

      I noticed that when I enabled the Open AppID support on an interface. The change was not synced to the second Snort instance for days till I manually pushed the save button on the Snort sync tab.

      Is there any documentation (beside looking at the source) how the sync should work or what can be expected?

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        There should be sync messages written to the system logs (especially on the destination machine).

        I probably forgot to add a "sync trigger" to the new OpenAppID code. I will check that so that when it is enabled/disabled, a sync is forced.

        Bill

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.