Netgate Discussion Forum

    Snort check for rule updates appearing as syslog errs, not info severity

    • firewalluser

      Services: Snort 2.9.7.3 pkg v3.2.6

      The Snort_check_for_rule_updates.php is posting its update/download status to the "error" syslog severity; perhaps syslog severity info would be better?

      Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

      Asch Conformity, mainly the blind leading the blind.

      • bmeeks

        The package is using a pfSense system call to log messages to the system log.  The only two pfSense system function calls I am aware of are log_error() and log_auth().  The former logs with Severity ERROR and the latter with Facility AUTH.  There is no way to pass a custom Severity or Facility to those system calls.

        Generally the preference of the developer team is to use pfSense system calls when available.  It would be nice if one or both of those system functions would let you pass a Facility and Severity as optional parameters.

        Bill

        • firewalluser

          So limited API functionality in a way then.

          Ok thanks for letting me know, I'll add some exception rules for the monitoring system.  :)


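One way to write the kind of monitoring exception mentioned in the last post, as an added example that is not part of the original thread or of the Snort package: it decodes the syslog PRI value into facility and severity, then treats err-severity lines from the rule update script as info unless they describe a failure. The log lines, the PRI values, the message wording and the failure keywords are constructed assumptions, not captured pfSense output.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164-style line: <PRI>timestamp tag: message
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+ [\d:]{8}) ([^:\s]+): (.*)$")

# Assumption: the update script's file name appears in the message text.
UPDATE_SOURCE = re.compile(r"snort_check_for_rule_updates\.php", re.I)
# Assumption: words that indicate a real failure; such lines keep err severity.
FAILURE_WORDS = re.compile(r"fail|unable|error|timeout|mismatch", re.I)

def parse(line):
    """Split a syslog line into facility, severity, tag and message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return {"facility": pri >> 3, "severity": pri & 7,
            "tag": m.group(3), "msg": m.group(4)}

def effective_severity(event):
    """Severity the monitoring system should act on."""
    sev = event["severity"]
    if (sev == 3 and UPDATE_SOURCE.search(event["msg"])
            and not FAILURE_WORDS.search(event["msg"])):
        return 6  # routine update status logged as err: treat as info
    return sev

def triage(lines, alert_at=3):
    """Return (severity name, message) for events that should still alert."""
    alerts = []
    for line in lines:
        event = parse(line)
        if event is None:
            alerts.append(("unparsed", line))  # never drop what cannot be read
        elif effective_severity(event) <= alert_at:
            alerts.append((SEVERITIES[effective_severity(event)], event["msg"]))
    return alerts

# Constructed sample lines (PRI 11 = facility 1, severity err; 14 = info).
SAMPLE = [
    "<11>Jan  5 00:05:01 php: snort_check_for_rule_updates.php: [Snort] Rules update check started.",
    "<11>Jan  5 00:05:09 php: snort_check_for_rule_updates.php: [Snort] Rules file download failed.",
    "<11>Jan  5 00:07:44 php: rc.newwanip: Failed to update interface address.",
    "<14>Jan  5 00:08:00 cron: job finished.",
]

if __name__ == "__main__":
    for name, msg in triage(SAMPLE):
        print(name, msg)
```

Scoping the exception to the script name plus the absence of failure wording keeps genuine update failures and unrelated err messages visible to the monitoring system.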
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.