Bug #1753
closed
Added by Ermal Luçi over 13 years ago.
Updated about 13 years ago.
Description
For the alert_pf option the snort package needs the spoink code.
This code is not present today in the snort package, which makes the alert_pf option not work at all.
Also, the spoink code needs improvement to work with the pfSense customized pf(4) version.
I'm getting the same error -- however only if I check "Block offenders" (Checking this option will automatically block hosts that generate a Snort alert.)
2.0-RC3 (amd64)
built on Tue Jun 21 23:08:07 EDT 2011
Aug 8 00:21:03 snort34866: FATAL ERROR: /usr/local/etc/snort/snort_10106_msk0/snort.conf(351) Unknown output plugin: "alert_pf"
Aug 8 00:21:03 snort34866: FATAL ERROR: /usr/local/etc/snort/snort_10106_msk0/snort.conf(351) Unknown output plugin: "alert_pf"
Will be :-) when the code is added
2.0-RC3 (amd64)
built on Wed Aug 24 10:10:33 EDT 2011
Same case as hamilton: the error message is displayed only if I enable the Block offenders option.
I'll be the first to test the fix :)
- Status changed from New to Feedback
Spoink is now integrated into snort, and snort uses the 2.9.0.5 port.
Possibly should ping the spoink author about this?
Thanks to the pfSense developers for the new version of snort with block offenders working. I've enabled it on my pfSense box and the interface is running. I have no traffic today and tomorrow on my network, so I can't tell if it's working correctly, but on Monday I'll see if the infected hosts are being blocked by pfSense.
- Status changed from Feedback to Resolved