> -----Original Message-----
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Joachim Schipper
> Sent: Thursday, October 08, 2009 10:58 AM
> To: misc@openbsd.org
> Subject: Re: Snort on OpenBSD
>
> On Thu, Oct 08, 2009 at 12:27:46PM +0100, Richard Brooks wrote:
> > Hello, I am trying to get some up to date information on how to install and
> > configure Snort on a modern OpenBSD box. At the moment it seems that Snort
> > has only limited functionality for OpenBSD, and in general seems to prefer
> > either Linux or Windows. I have tried downloading and installing various
> > Snort related packages/ports from OpenBSD's ftp sites to my OpenBSD 4.5 box.
> > But have had to disable various pre-processors and dynamic rules as the
> > libraries (shared objects) don't seem to be available for OpenBSD, also
> > Snort seems to prefer access control lists which currently are not a feature
> > of OpenBSD, am also having issues running Snort from the command line and
> > have to keep rebooting to see if a modification to Snort's configuration has
> > worked.
...
>
> What, specifically, fails to work?
>

Sometime around mid-2009 Sourcefire made rule changes that require
preprocessor updates.  I can't seem to find that announcement now.
Running -current rules on the 4.5 package broke snort for me (without
disabling a handful of pre-processors.)  I ended up building an
(unsupported) 2.8.4.1 package from -current ports which has worked for
me since August.

I believe snortsam has been referenced to go from IDS -> IPS, but I've
not used it.

-Steve S.
