Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort pkg v3.2.9 Update Release Notes

    IDS/IPS
    3
    4
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bmeeksB
      bmeeks
      last edited by

      Snort 2.9.7.6 pkg v3.2.9 Release Notes

      This release updates the Snort binary to v2.9.7.6 and the pfSense GUI package to v3.2.9.  This update adds support for two new HTTP_INSPECT options and enables logging of IPv6 addresses in Unified2 logs as extra-data.  There are four minor bug fixes included with this update.

      Note:  Other than required bug fixes, I plan on not making changes to GUI functionality within Snort during the period I am porting the package to the new pfSense 2.3 Bootstrap code.  There are some additional GUI features I want to add in the areas of custom rules and OpenAppID, but I need to freeze the GUI for a bit while porting to Bootstrap.

      New Features

      • Added support for the decompress_swf and decompress_pdf options for the HTTP_INSPECT preprocessor.  These options decompress Shockwave Flash and Adobe PDF files so they can be further inspected.  The new settings are available on the HTTP_INSPECT Engines dialog on the PREPROCESSORS tab.

      • IPv6 addresses are now logged in the extra-data segment when Unified2 log output is enabled with Barnyard2.

      Bug Fixes

      • Tidy up output messages displayed during package installation and during rule updates.

      • Add two missing OpenAppID folders and a default file to prevent warning messages when starting up with OpenAppID enabled.

      • When editing HTTP_INSPECT, FRAG3, STREAM5, FTP_SERVER or FTP_CLIENT engines on the PREPROCESSORS tab, there is no prompt to apply the change to the running configuration when returning from the engine dialog page on the PREPROCESSORS tab .

      • Add code to prevent the /usr/local/etc/rc.d shell script for Snort from processing a RESTART command while a package START command is still in progress

      Bill

      1 Reply Last reply Reply Quote 0
      • telservT
        telserv
        last edited by

        Thank you for the Snort upgrade package,  but I've noticed a problem.  After upgrading to 3.2.9,  SNORT has disappeared from the GUI.

        The SNORT package shows as installed, but when checking under Services, there is no SNORT menu item.  Likewise, under Status >  Dashboard > Services Status, SNORT doesn't show.

        I have upgraded the SNORT GUI,  just in case that was the problem.  I have also rebooted the firewall.  Are there any suggestions about what to try next, or how to troubleshoot?

        Just for the record,  I also upgraded Notes and AutoConfigBackup at the same time.  They seem to be working.

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          Yeah. Reinstall the package.

          1 Reply Last reply Reply Quote 0
          • telservT
            telserv
            last edited by

            Reinstall worked.  One of the interfaces did not come back up immediately, but I was able to restart it.

            <update>  On my second site, the upgrade worked perfectly.  <end update="">Thank you.</end></update>

            1 Reply Last reply Reply Quote 0
            • First post
              Last post