Author Topic: Snort Won't Start After Upgrade  (Read 50262 times)

Offline Gloom

  • Full Member
Re: Snort Won't Start After Upgrade
« Reply #90 on: July 26, 2011, 02:55:04 am »
I have an idea...and this comment isn't directed toward anyone in particular...Why don't we stop the griping, whining and bitching and just let the devs do their magic. No amount of complaining is gonna make a difference. It is what it is and none of us can do anything about it unless you're willing to back up your complaints and put your money where your mouth is with a bounty. Unfortunately, I can't afford to donate to the cause. So let's just be patient. I'm just gonna sit back and wait for snort to reappear on the package list.

Regards,
Jon

The problem is some of us work for organisations that mandate the use of IDS/IPS and basically I've had to shut PFSense down and stop all testing and go back to running full FreeBSD installs with snort. If we had some idea of the problem I'm sure some of us on here have the skills to assist.
Never underestimate the power of human stupidity

Offline cyber7

  • Jr. Member
    • cyber7 - technologies for a better tomorrow
Re: Snort Won't Start After Upgrade
« Reply #91 on: July 26, 2011, 07:14:42 am »
Agreed!

I also posted a comment regarding the status of SNORT.  All it would take is for the developer to post a quick update with an ETA.  This will stop all the posts, BUT... NOTHING!

Just my 10c
When you pause to think, do you start again?

2.1-RELEASE (i386)
built on Wed Sep 11 18:16:50 EDT 2013
FreeBSD 8.3-RELEASE-p11

Offline Derek Zeanah

  • Jr. Member
    • THR
Re: Snort Won't Start After Upgrade
« Reply #92 on: July 26, 2011, 10:56:01 am »
My point of view is a bit different.

pfSense is an amazingly competent product that's available for free.  The folks who've created this product are trying to turn it into a full-time gig by selling consulting and books, but for the most part we're seeing the contributions of volunteers.  Which includes the guy doing Snort integration.  I'd guess he's got a life outside of pfSense and his contributions here, and I'm sure he'll get things running again when he's able.

If you *need* an IDS up and running as part of your firewall distribution then you can get that.  Cisco, SonicWALL, and Juniper all have IDS systems you can subscribe to, for instance.  Of course, they're all quite expensive and run on pricey, proprietary hardware that requires upgrades every few years.  If you need it though, you can have it in-hand tomorrow.  For my needs I'd be looking at something like $3,000 for a SonicWALL 2400 with IDS and one year of maintenance, with $510 annually for the IDS renewal and $300 for the service contract extension.  Juniper is more, and Cisco is way more.

Instead I'm running on a $700 netgate solid state device with (currently non-functional) Snort.  I bought the documentation book for 1.2, and I'll buy the next one.  I sent the developer of the Snort package $50 with a note of thanks.  And I'm willing to be patient.

This is open source.  You can build it yourself, or you can wait for the guy who's devoting his time to solving your business problems to get the work complete, or you can pay for a service contract (possibly for another product.)

Offline Darkk

  • Full Member
Re: Snort Won't Start After Upgrade
« Reply #93 on: July 26, 2011, 12:36:55 pm »
Or post a bounty to get snort working if it's that important for the business.  I'm sure it'll help things along a lot quicker.

Otherwise I'd be happy to wait.

Darkk

Offline tester_02

  • Full Member
Re: Snort Won't Start After Upgrade
« Reply #94 on: July 26, 2011, 10:29:11 pm »
  Personally I think snort should be part of the main package.  To me pfsense is the main release + squid + squidguard + snort.  I just believe that part of the main development should be those packages integrated into the release.
  Beyond that, if this package is so critical to so many, why has nobody put up a bounty like others suggested?  I am also sure that the amount contributed to the snort developer is probably peanuts compared to the time he's put into this package.   I am sure more of an incentive to keep it going would not hurt.
  As just a home user I've donated my $50 in the past (and probably should do more when the next release comes out), as well as offered money for bounties when I can.  For people complaining that their company needs it, I think the amount should be much more.  Your business is operating on free software, contribute to it, or it will stop being developed.  Complain when you have to spend thousands on proprietary software with yearly fees, instead of living off free software.  It's not really free, as the developers spend their time working on it for nothing.  Donate a few dollars per year, it's worth the rewards when you get software like pfsense (watch the other distros with no support fall off over the years or move strictly into pay systems and you will know how good this really is).

  That's all I have to say on the topic....


Offline jamesdean

  • Global Moderator
  • Sr. Member
Re: Snort Won't Start After Upgrade
« Reply #95 on: July 26, 2011, 10:39:00 pm »
Update....

I am pretty much done with everything, GUI wise. New snort binaries are building right now, that is a relief.

Only 2 things left to do...

1. create snortsam GUI.

2. create snortsam/snort/barnyard2 startup scripts.

I have been stuck on creating a way to manage the snortsam block sid rule sets and saving user changes to said blocked sids.
You guys/girls have to realize there are 30,000 snort/emerging rule block sids and I have to make sure your saved settings are saved and displayed correctly as fast as possible.

Side note: I am always happy when you guys care enough to complain. Makes me feel my work on the GUI and the forums is useful to you.
I understand you guys are bothered, but snort is working on pfsense 1.2.3 and the removal of the old snort version from 2.0 could not be helped.
Moreover, I understand the urgency and I am working as fast as possible with the limited amount of time I have. (personal life, work, paid projects etc...)

I am not giving you a date on release to beta, just know I am close.

follow my progress
https://github.com/robiscool

Thanks
Robert
« Last Edit: July 26, 2011, 10:40:53 pm by jamesdean »
Please post your Pfsense Version and Snort Version when asking questions. Thank you.

Offline cyber7

  • Jr. Member
    • cyber7 - technologies for a better tomorrow
Re: Snort Won't Start After Upgrade
« Reply #96 on: July 27, 2011, 01:00:01 am »
Hi Robert.
Actually, it is very true what you say.  The reason people (including myself!) are complaining is because your work is so very important in the entire release of pfSense that without your contribution, the firewall is reasoned lacking.  (In other words, without Snort, pfSense just won't do!)

I thank you for your update.  I believe most people (if not all) have been put to rest seeing that you are putting so much effort into Snort.

Kind regards
Aubrey Kloppers
Cape Town
South Africa

Offline Cino

  • Hero Member
Re: Snort Won't Start After Upgrade
« Reply #97 on: July 27, 2011, 08:48:35 am »
Robert,

Keep up the good work man! From what I've seen, the new package looks really awesome! Looking forward to beta testing when that time comes..

Offline Darkk

  • Full Member
Re: Snort Won't Start After Upgrade
« Reply #98 on: July 27, 2011, 11:12:50 am »
Awesome!! Looking forward to it.

Darkk

Offline NightHawk007

  • Jr. Member
Re: Snort Won't Start After Upgrade
« Reply #99 on: July 27, 2011, 02:25:42 pm »
I am glad my standby utm software still works on my hardware. I hope you guys tell us when the beta is ready to go.
« Last Edit: July 28, 2011, 01:04:35 am by NightHawk007 »

Offline seattle-it

  • Newbie
    • Seattle IT Consultant
Re: Snort Won't Start After Upgrade
« Reply #100 on: July 27, 2011, 11:25:25 pm »
Segfaults for me on an AMD64 box when started from a shell .. looks as if progress is being made though, keep @ it Jamesdean ;)
My tech blog - seattleit.net/blog

Offline cmb

  • Administrator
  • Hero Member
    • Chris Buechler
Re: Snort Won't Start After Upgrade
« Reply #101 on: August 02, 2011, 01:29:35 am »
We need to be able to dedicate more of our core developer resources to clean this up and keep it working, as is it's largely just Rob's volunteer efforts, where the base system is largely done by people on our payroll (who, no offense to Rob, are far more experienced developers). What gets done by our core developers is largely what people are willing to pay for, and it's been years since we've had anyone interested in paying for Snort work. I've dedicated 10 hours of Ermal's time (with no funding, as a favor to a partner) to cleaning up bugs and bad code in the Snort package this week, which has led to this massive clean up today, with more work to be done on it tomorrow.
https://github.com/bsdperimeter/pfsense-packages/commit/c8b7c369d1b391fc687e4ad09ee156dbec37043a

That's not going to leave things in perfect shape (there are other improvements I'd like to see), but it will at least be much better. That's limited to the main snort package, not snort-dev, which Rob can continue to do whatever he wants with, but nothing will be merged back into the main snort package from now on without review and merge approval to keep things sane.

If anyone can dedicate some money to furthering our efforts here, please contact me (cmb at pfsense dot org). I'd love to get more of our resources on it, but we also have to make payroll so we're limited in what we can do because we want to do it.

Offline Cino

  • Hero Member
Re: Snort Won't Start After Upgrade
« Reply #102 on: August 02, 2011, 12:38:02 pm »
Funny, I just checked GitHub to see what updates are out there and Ermal has been busy!! I see the old snort package is enabled... Who is going to be the brave soul and try it? Well I gave it a shot and it installed on my system but it couldn't download the rules from snort.org

Code:
Warning: curl_exec(): Could not call the CURLOPT_WRITEFUNCTION in /usr/local/www/snort/snort_download_rules.php on line 859
I guess I should wait until the devs say it's good to go.

Going to see if I can manually download them

Offline jamesdean

  • Global Moderator
  • Sr. Member
Re: Snort Won't Start After Upgrade
« Reply #103 on: August 02, 2011, 12:51:08 pm »
@cmb is right snort should be maintained by the core paid developers. My work on snort package will stop immediately and will move my code to a package called Orion.
I have really enjoyed giving my free time and code to the pfSense snort community. I hope people continue to enjoy my GUI I have built and code I have donated.
Those of you that expect the Old snort gui to return don't worry, 90% of my snort 1.2.3 code will not change for 2.0.

My snort 2.0 package I was working on will become Orion IDS package and will likely become private for paid supporters. This will help me give my full attention to this package.
I think I have a base now that can support me to work on this package on a limited part time.  

Moreover, this should give me the freedom to add features as fast as possible.


Robert
« Last Edit: August 02, 2011, 12:52:56 pm by jamesdean »

Offline ermal

  • Administrator
  • Hero Member
Re: Snort Won't Start After Upgrade
« Reply #104 on: August 02, 2011, 01:47:08 pm »
I just made some other changes that should make it behave better in regards to rule downloading.

I couldn't test with snort.org since it was slow and did not have an account to test with.