Snort check for rule updates appearing as syslog errs, not info severity

IDS/IPS
Log in to reply
  • F

    Services: Snort 2.9.7.3 pkg v3.2.6

    The Snort_check_for_rule_updates.php is posting its update/download status to the "err"or syslog severity status, perhaps syslog severity info would be better?

    0
  • bmeeks

    The package is using a pfSense system call to log messages to the system log.  The only two pfSense system function calls I am aware of are log_error() and log_auth().  The former logs with Severity ERROR and the latter with Facility AUTH.  There is no way to pass a custom Severity or Facility to those system calls.

    Generally the preference of the developer team is to use pfSense system calls when available.  It would be nice if one or both of those system functions would let you pass a Facility and Severity as optional parameters.

    Bill

    0
  • F

    So limited API functionality in a way then.

    Ok thanks for letting me know, I'll add some exception rules for the monitoring system.  :)

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy