Bug #1753
closed
Spoink integration
0%
Description
For the alert_pf option the snort package needs the spoink code.
This code is not present today on the snort package which makes the alert_pf option not work at all.
Also the spoink code needs improvement to work with pfSense customized pf(4) version.
Updated by chris hamilton over 12 years ago
I'm getting the same error -- however only if I check "Block offenders" (Checking this option will automatically block hosts that generate a Snort alert.)
2.0-RC3 (amd64)
built on Tue Jun 21 23:08:07 EDT 2011
Aug 8 00:21:03 snort34866: FATAL ERROR: /usr/local/etc/snort/snort_10106_msk0/snort.conf(351) Unknown output plugin: "alert_pf"
Aug 8 00:21:03 snort34866: FATAL ERROR: /usr/local/etc/snort/snort_10106_msk0/snort.conf(351) Unknown output plugin: "alert_pf"
Will be :-) when the code is added
Updated by Walter Gomes over 12 years ago
2.0-RC3 (amd64)
built on Wed Aug 24 10:10:33 EDT 2011
same case of hamilton, the error message is displayed only if i enable Block offenders option.
i'll be the first to test the fix :)
Updated by Ermal Luçi over 12 years ago
- Status changed from New to Feedback
Spoink is now integrated to snort and snort uses 2.9.0.5 port.
Possibly should ping the spoink author about this?
Updated by Walter Gomes over 12 years ago
Thanks to pfsense developers for the new version of snorte with the block offenders working, i've enabled it on my pfsense box and the interface is running, i have no traffic today and tomorrow on my network, so i can't tell if it's working correctly, but at monday i'll see if the infected hosts are being blocked by the pfsense.
Updated by Ermal Luçi over 12 years ago
- Status changed from Feedback to Resolved