4. Snort pkg v3.2.9 Update Release Notes

Snort pkg v3.2.9 Update Release Notes


  • Snort 2.9.7.6 pkg v3.2.9 Release Notes

    This release updates the Snort binary to v2.9.7.6 and the pfSense GUI package to v3.2.9.  This update adds support for two new HTTP_INSPECT options and enables logging of IPv6 addresses in Unified2 logs as extra-data.  There are four minor bug fixes included with this update.

    Note:  Other than required bug fixes, I plan on not making changes to GUI functionality within Snort during the period I am porting the package to the new pfSense 2.3 Bootstrap code.  There are some additional GUI features I want to add in the areas of custom rules and OpenAppID, but I need to freeze the GUI for a bit while porting to Bootstrap.

    New Features

    • Added support for the decompress_swf and decompress_pdf options for the HTTP_INSPECT preprocessor.  These options decompress Shockwave Flash and Adobe PDF files so they can be further inspected.  The new settings are available on the HTTP_INSPECT Engines dialog on the PREPROCESSORS tab.

    • IPv6 addresses are now logged in the extra-data segment when Unified2 log output is enabled with Barnyard2.

    Bug Fixes

    • Tidy up output messages displayed during package installation and during rule updates.

    • Add two missing OpenAppID folders and a default file to prevent warning messages when starting up with OpenAppID enabled.

    • When editing HTTP_INSPECT, FRAG3, STREAM5, FTP_SERVER or FTP_CLIENT engines on the PREPROCESSORS tab, there is no prompt to apply the change to the running configuration when returning from the engine dialog page on the PREPROCESSORS tab .

    • Add code to prevent the /usr/local/etc/rc.d shell script for Snort from processing a RESTART command while a package START command is still in progress

    Bill

    0

  • Thank you for the Snort upgrade package,  but I've noticed a problem.  After upgrading to 3.2.9,  SNORT has disappeared from the GUI.

    The SNORT package shows as installed, but when checking under Services, there is no SNORT menu item.  Likewise, under Status >  Dashboard > Services Status, SNORT doesn't show.

    I have upgraded the SNORT GUI,  just in case that was the problem.  I have also rebooted the firewall.  Are there any suggestions about what to try next, or how to troubleshoot?

    Just for the record,  I also upgraded Notes and AutoConfigBackup at the same time.  They seem to be working.

    0
  • D
    Banned

    Yeah. Reinstall the package.

    0

  • Reinstall worked.  One of the interfaces did not come back up immediately, but I was able to restart it.

    <update>  On my second site, the upgrade worked perfectly.  <end update="">Thank you.</end></update>

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy