[Snort-users] Freebsd snorters: Freebsd port for snort 126.96.36.199 has been posted
michael.scheidell at ...8144...
Wed Feb 9 05:20:08 EST 2011
If you are using the freebsd ports tree, you can now upgrade to 188.8.131.52
via ports, portsupgrade, portmanager or make deinstall reinstal.
Upgrade your ports tree (this includes the required daq 0.5_1)
upgrade daq 0.5 if not done already, then upgrade snort.
Also note, for those of you who have waited long hours for the freebsd
port to sync up with SF, you will notice a new maintainer.
SF's very own Dean Freeman has graciously volunteered to take over the
This may mean that the new freebsd port might be ready 38 mins after SF
releases a new version!
please note config options on port.
These were chosen to reflect (as close as possible) the 184.108.40.206 port
defaults, and might differ a little from SF default.
Examples: ipv6 and targetedbase is off by default, and of course,
flexresp3 has replaced flexresp2 and the original.
see this for porting notes:
also, freebsd snorters: in order to use the larger bpf buffers, with cli
./snort --daq pcap --daq-var buffer_size=10485760
you need to adjust a sysctl value to at least the requested buffer size:
sysctl -a net.bpf | grep buf
if you ask for a buffer_size > net.bpf.maxbufsize you will get the
if you don't specify -daq-var buffer_size= you will get the default:
thanks to all who helped with this. this makes it easier for us to keep
up with current snort.
(ps, I still can't get ipfw to work, even with old snort_inline.. any
geniouses that have figured this out, maybe we can document the painful
steps necessary to get it to work in a divert/if_bridge environment..
yes, it DOES work with freebsd 7.3+, several people have done it, its a
matter of arranging the atoms in just the right order, and it seems to
be a hit and miss thing)
Michael Scheidell, CTO
>*| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security,2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users