Snort check for rule updates appearing as syslog errs, not info severity


  • Services: Snort 2.9.7.3 pkg v3.2.6

    The Snort_check_for_rule_updates.php is posting its update/download status to the "err"or syslog severity status; perhaps syslog severity info would be better?


  • The package is using a pfSense system call to log messages to the system log.  The only two pfSense system function calls I am aware of are log_error() and log_auth().  The former logs with Severity ERROR and the latter with Facility AUTH.  There is no way to pass a custom Severity or Facility to those system calls.

    Generally the preference of the developer team is to use pfSense system calls when available.  It would be nice if one or both of those system functions would let you pass a Facility and Severity as optional parameters.

    Bill


  • So limited API functionality in a way then.

    Ok thanks for letting me know, I'll add some exception rules for the monitoring system.  :)
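
An added example, not part of the thread and not pfSense or Snort package code: one way a monitoring system could apply the kind of exception rule mentioned in the last post. It decodes the syslog PRI value and treats "err" messages that name the rule update script as info. The RFC 3164-style line layout, the sample log lines and the `EXCEPTIONS` table are assumptions constructed for illustration.

```python
import re

# Syslog severity names indexed by numeric level (0 = most severe).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed RFC 3164-style framing: "<PRI>rest of line".
LINE_RE = re.compile(r"^<(\d{1,3})>(.*)$")

# Hypothetical exception table: (pattern in message body, severity to treat it as).
EXCEPTIONS = [
    (re.compile(r"snort_check_for_rule_updates\.php", re.I), "info"),
]

def decode_pri(pri):
    """Split a PRI value into (facility number, severity name): PRI = facility*8 + severity."""
    return pri >> 3, SEVERITIES[pri & 7]

def classify(line):
    """Return the logged and effective severity for one line, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 23*8+7 is the largest valid PRI
        return None
    facility, severity = decode_pri(int(m.group(1)))
    effective = severity
    if severity == "err":  # only downgrade the severity the thread complains about
        for pattern, downgraded in EXCEPTIONS:
            if pattern.search(m.group(2)):
                effective = downgraded
                break
    return {
        "facility": facility,
        "severity": severity,
        "effective": effective,
        "alert": SEVERITIES.index(effective) <= SEVERITIES.index("err"),
    }

# Constructed sample lines (not real pfSense output).
SAMPLE = [
    "<11>Jan  1 00:30:01 fw php: Snort_check_for_rule_updates.php: rule update check finished",
    "<11>Jan  1 00:31:12 fw php: some unrelated error (constructed)",
    "<14>Jan  1 00:32:40 fw cron: routine informational message (constructed)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), "|", entry)
```

Matching on the script name alone also downgrades genuine download failures logged by the same script, so a production rule should match the specific status messages instead.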