Snort mailing list archives

Freebsd snorters: Freebsd port for snort 2.9.0.3 has been posted


From: Michael Scheidell <michael.scheidell () secnap com>
Date: Wed, 9 Feb 2011 05:20:08 -0500

If you are using the FreeBSD ports tree, you can now upgrade to 2.9.0.3 via ports, portsupgrade, portmanager or make deinstall reinstall.

Upgrade your ports tree (this includes the required daq 0.5_1), upgrade daq 0.5 if not done already, then upgrade snort.

Also note, for those of you who have waited long hours for the freebsd port to sync up with SF, you will notice a new maintainer. SF's very own Dean Freeman has graciously volunteered to take over the port.

This may mean that the new freebsd port might be ready 38 mins after SF releases a new version!

Please note the config options on the port.
These were chosen to reflect (as closely as possible) the 2.8.6.1 port defaults, and might differ a little from the SF defaults.

Examples: ipv6 and targetedbase are off by default, and of course, flexresp3 has replaced flexresp2 and the original.

See these for porting notes:
<http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/153998>
and
<http://www.freebsd.org/cgi/query-pr.cgi?pr=154514&cat=ports>

Also, FreeBSD snorters: in order to use the larger bpf buffers with the CLI

./snort --daq pcap --daq-var buffer_size=10485760

you need to adjust a sysctl value to at least the requested buffer size:

sysctl -a net.bpf | grep buf
net.bpf.maxbufsize: 10485760
net.bpf.bufsize: 4096


If you ask for a buffer_size > net.bpf.maxbufsize, you will get net.bpf.maxbufsize. If you don't specify --daq-var buffer_size=, you will get the default: net.bpf.bufsize.

Thanks to all who helped with this. This makes it easier for us to keep up with current snort.

(PS: I still can't get ipfw to work, even with old snort_inline. Any geniuses that have figured this out, maybe we can document the painful steps necessary to get it to work in a divert/if_bridge environment. Yes, it DOES work with FreeBSD 7.3+, several people have done it, it's a matter of arranging the atoms in just the right order, and it seems to be a hit and miss thing.)

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best in Email Security, 2010: Network Products Guide
   * King of Spam Filters, SC Magazine 2008
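
The buffer-size rule described in the message above, as an added pre-flight check that is not part of the original post or the port: it parses sysctl output and reports the BPF buffer the pcap DAQ will actually get. The function names are hypothetical, and the sample input is constructed from the values quoted in the post.

```shell
#!/bin/sh
# Added example: predict the BPF buffer size Snort's pcap DAQ will be granted
# on FreeBSD, following the rule stated in the message.

# Constructed sample: the `sysctl -a net.bpf | grep buf` output quoted in the post.
SAMPLE_SYSCTL='net.bpf.maxbufsize: 10485760
net.bpf.bufsize: 4096'

# bpf_value NAME SYSCTL_OUTPUT -> value of the "NAME: value" line
bpf_value() {
    printf '%s\n' "$2" | awk -F': *' -v k="$1" '$1 == k { print $2; exit }'
}

# effective_bpf_buffer SYSCTL_OUTPUT [REQUESTED]
#   no request            -> net.bpf.bufsize (the default)
#   request > maxbufsize  -> net.bpf.maxbufsize (capped)
#   otherwise             -> the requested size
effective_bpf_buffer() {
    max=$(bpf_value net.bpf.maxbufsize "$1")
    def=$(bpf_value net.bpf.bufsize "$1")
    req=${2:-}
    if [ -z "$max" ] || [ -z "$def" ]; then
        echo "cannot parse net.bpf values" >&2
        return 2
    fi
    case $req in
        '') echo "$def" ;;
        *[!0-9]*) echo "buffer_size must be a byte count" >&2; return 2 ;;
        *) if [ "$req" -gt "$max" ]; then echo "$max"; else echo "$req"; fi ;;
    esac
}

# preflight SYSCTL_OUTPUT REQUESTED
# Returns 0 if the request fits; otherwise prints the sysctl change and returns 1.
preflight() {
    got=$(effective_bpf_buffer "$1" "$2") || return 2
    [ "$got" -eq "$2" ] && return 0
    echo "requested $2, would get $got; run: sysctl net.bpf.maxbufsize=$2"
    return 1
}

# On a live host: preflight "$(sysctl -a net.bpf)" 10485760
```

Run preflight before starting Snort with --daq-var buffer_size=N so a capped buffer is caught up front rather than discovered later.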

