Netgate Discussion Forum

    Snort package Bootstrap conversion is complete – ready for testing

      maverick_slo

      @mais_um:

      Hi. I'll start then. New installation with old config.

      • In interfaces settings, home net, External Net and pass net are blank; is it normal? View list in this has the list of the networks correct, I think. Suppression should have my list but is blank; view list is blank too.
      • In Alerts I can't change the interface; it always jumps to the first when I try to select one of the others. No alerts are listed, but the widget has some listed, at least in LAN; maybe I can't see them because I can't select the LAN interface. Downloaded logs are empty. Don't know if Blocked works; when downloading logs, an info box appears saying there is no content.
      • In SID Mgmt, the short description shows "Remove Snort Logs On Package Uninstall"; this belongs to Log Mgmt.

      Only this for now. Thanks, looks good for the first try.

      I can confirm all of that.

      For this:

      • In interfaces settings, home net, External Net and pass net are blank; is it normal? View list in this has the list of the networks correct, I think. Suppression should have my list but is blank; view list is blank too.

      I've made 2 screenshots that describe the problem very well :)

      snort1.PNG
      snort2.PNG

        bmeeks

        A new version of the Snort package was just merged that should address all of the issues reported thus far with the ALERTS tab, the INTERFACES EDIT drop-downs for HOME NET, EXTERNAL NET, PASS LIST and SUPPRESS LIST, and an incorrect label name for the enable checkbox on the SID MGMT tab.

        NOTE:  The issue with the UPDATES tab not showing on-screen progress is still being worked.  That fix is going to take a little time, because some things have to be re-engineered a bit in that part of the Snort GUI.

        Bill

          MikeV7896

          Looks good! I waited until after that first update. Installed, went through your walkthrough from the IDS/IPS forum again (making changes where needed), and it looks like it's running great!

          My only request would be to put an info box regarding the pattern matching algorithms, or maybe add some additional text in the drop-down list (since it's so wide), or provide a link to some info on the different algorithms and their resource use or benefits (i.e. high CPU, high RAM, fastest, etc.)

          It looks good though! Thanks for your hard work on this!

          The S in IOT stands for Security

            bmeeks

            @virgiliomi:

            Looks good! I waited until after that first update. Installed, went through your walkthrough from the IDS/IPS forum again (making changes where needed), and it looks like it's running great!

            My only request would be to put an info box regarding the pattern matching algorithms, or maybe add some additional text in the drop-down list (since it's so wide), or provide a link to some info on the different algorithms and their resource use or benefits (i.e. high CPU, high RAM, fastest, etc.)

            It looks good though! Thanks for your hard work on this!

            Thank you for the positive feedback …  :).  I will see about adding an info block maybe in that pattern matching section.  The short answer, though, is a lot of smart folks have tested and prodded and poked over the years and the consensus is use AC-BNFA or AC-BNFA-NQ and you are good for pretty much anything.

            Bill

              athurdent

              Looks great, many thanks for the hard work!
              The widget seems to have a problem displaying the names of OPT interfaces though. It shows OPT2 instead of the real name on my setup.

                bmeeks

                @athurdent:

                Looks great, many thanks for the hard work!
                The widget seems to have a problem displaying the names of OPT interfaces though. It shows OPT2 instead of the real name on my setup.

                I will put that on my "fix it" list.  I have a few other cosmetic fixes to incorporate as well.

                Bill

                  LinuxTracker

                  You are awesome

                    Raul Ramos

                    Hi…snort-2.9.8.0 f*** yeah.

                    Some more "bugging".

                    • Can't change anything on Log Mgmt.
                    • After upgrading Snort I have to re-enable previously enabled interfaces, or I don't wait enough time(?).

                    Some requests, for another time.

                    • Some awesome GUI for the AppID feature? No?

                    Thanks a lot.

                    pfSense:
                    ASRock -> Wolfdale1333-D667 (2GB TeamElite Ram)
                    Marvell 88SA8040 Sata to CF(Sandisk 4GB) Controller
                    NIC's: RTL8100E (Internal ) and Intel® PRO/1000 PT Dual (Intel 82571GB)

                      bmeeks

                      @mais_um:

                      Hi…snort-2.9.8.0 f*** yeah.

                      Some more "bugging".

                      • Can't change anything on Log Mgmt.
                      • After upgrading Snort I have to re-enable previously enabled interfaces, or I don't wait enough time(?).

                      Some requests, for another time.

                      • Some awesome GUI for the AppID feature? No?

                      Thanks a lot.

                      I also found the LOG MGMT bug myself last night.  I am working on it and several other small GUI bugs.  An update will be posted later today for approval and merging by the pfSense team.

                      There is a problem with the interfaces not auto-starting after an upgrade.  This is impacting Suricata as well.  This is also on my list to troubleshoot and fix, but I have been delaying it while working on some of the other bugs.  Lots of things needed to be "touched" as part of the Bootstrap conversion, and as a result some new bugs got introduced.

                      A GUI interface to help with OpenAppID has been requested by several folks.  That is on my radar.  I've been holding off introducing new GUI features during the long conversion to Bootstrap.  Now that the Bootstrap conversion is about done (just a few more little bugs to fix), I can start looking at new GUI features soon.

                      Bill

                        bmeeks

                        NOTE:  An update to the Snort binary is coming with the next GUI package update.  The binary will be updated to version 2.9.8.0.  In fact, the binary package is already posted, but it won't show up as an "update" in the pfSense Package Manager until I post the coming bug fix update for the Snort GUI package.  I'm working on that update now and hope to post it before the end of today.

                        Bill

                          bmeeks

                          I've posted another bug fix update for the new Bootstrap version of the Snort package.  It was merged and should now show up as package version 3.2.9.1_6 in the Package Manager GUI.  This update corrects the following bugs:

                          Bug Fixes

                          • Stats log filename incorrect in drop-down on LOGS VIEW tab.

                          • Receive system log error 'open() "/usr/local/www/javascript/base64.js" failed' from LOGS VIEW tab.

                          • Settings not saving on LOGS MGMT tab.

                          • Alerts Widget does not auto-update and does not display friendly interface names.

                          • Add VIEW RULES button to RULES tab to allow viewing of raw rules content for selected category.

                          • Improve feedback on UPDATES tab when updating rules via a temporary workaround.

                          • Style footer of blocked IPs table on BLOCKED tab to "bg-info".

                          • Fix up errant newlines in post-install code and tidy up status messages.

                          • Fix Snort auto-start failure after upgrade or reinstall.

                          Binary Update:
                          The Snort binary is also updated to 2.9.8.0 to match the latest upstream release.

                          Bill

                            maverick_slo

                            Thanks!
                            Now to production :)

                              Raul Ramos

                              Cosmetic thing: "\n" on line 206 (browser source), line 151 in the snort_blocked.php file, on the Blocked tab.

                              
                              \n<
                              

                              pfSense:
                              ASRock -> Wolfdale1333-D667 (2GB TeamElite Ram)
                              Marvell 88SA8040 Sata to CF(Sandisk 4GB) Controller
                              NIC's: RTL8100E (Internal ) and Intel® PRO/1000 PT Dual (Intel 82571GB)
