
pfSense-pkg-suricata-4.1.4_2 -- Add SEVERITY LEVEL to logs and miscellaneous bug fixes #647

Merged

Conversation

bmeeks8
Contributor

@bmeeks8 bmeeks8 commented Jun 4, 2019

pfSense-pkg-suricata v4.1.4_2

This update to the GUI package incorporates the use of the PHP syslog() function for logging both informational and error messages so that a SEVERITY_LEVEL flag can be associated with each message. This lets users sending the logs for automated analysis on remote systems parse log messages by Severity (LOG_ERR, LOG_ALERT, LOG_WARN or LOG_NOTICE). Formerly all Suricata log messages were logged with Severity LOG_ERR, even those that were merely informational in nature.

This update also includes two bug fixes.

Changes Log:

  1. Update the example Snort 2.9.x rules snapshot filename on the GLOBAL SETTINGS tab in the Snort Subscriber Rules section to the most recent Snort 2.9.x version.

  2. Add a warning under the Snort rules snapshot filename text box advising the user to not use Snort3 rules as they are incompatible with Suricata and will break the Suricata installation if installed.

New Features:

  1. Suricata log messages to the system log now contain SEVERITY LEVEL to facilitate parsing of the messages using remote log analysis tools. Redmine Issue #8501.

Bug Fixes:

  1. Fix display of Suricata and Barnyard2 status icons on the INTERFACES tab so that icons update properly when the underlying interface is a VLAN.

  2. On a package re-install, check for missing classification.config, reference.config or threshold.config files in each interface sub-directory and restore any missing files by copying in the *.config.sample equivalent. This prevents subsequent start-up errors for missing files. See Redmine Issues #9195 and #9202.
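As an added example (not code from this PR or the pfSense Suricata package), here is the remote-side parser the severity change enables: it decodes the syslog PRI field of forwarded lines into facility and severity, so Suricata GUI messages can be filtered by LOG_* level instead of all arriving as LOG_ERR. The sample lines, the `php` tag and the `[Suricata]` message prefix are constructed assumptions.

```python
import re
from collections import Counter

# Syslog severity numbers from <syslog.h>; these are the values PHP's LOG_*
# constants carry into the <PRI> field (PRI = facility * 8 + severity).
SEVERITY_NAMES = {
    0: "LOG_EMERG", 1: "LOG_ALERT", 2: "LOG_CRIT", 3: "LOG_ERR",
    4: "LOG_WARNING", 5: "LOG_NOTICE", 6: "LOG_INFO", 7: "LOG_DEBUG",
}

# RFC 3164-style line as received by a remote syslog listener:
# <PRI>MMM DD hh:mm:ss HOST TAG[PID]: MSG
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Constructed sample lines (facility 1 = LOG_USER). Message texts are
# illustrative and are not copied from the package.
SAMPLE_LINES = [
    "<13>Jun  5 10:01:02 pfSense php[4321]: [Suricata] Building new sid-msg.map file for WAN...",
    "<11>Jun  5 10:01:05 pfSense php[4321]: [Suricata] ERROR: Suricata failed to start on WAN!",
    "<12>Jun  5 10:02:10 pfSense php[4321]: [Suricata] WARNING: threshold.config missing, restored from threshold.config.sample",
    "<13>Jun  5 10:02:11 pfSense sshd[999]: Accepted publickey for admin from 192.0.2.10",
    "<9>Jun  5 10:03:00 pfSense php[4321]: [Suricata] ALERT: Snort3 rules detected in snapshot, rule load aborted",
]

def parse_line(line):
    """Decode one syslog line into facility, severity and message; None if malformed."""
    m = LINE_RE.match(line)
    if not m or int(m.group("pri")) > 191:  # valid PRI range is 0..191
        return None
    pri = int(m.group("pri"))
    return {"facility": pri >> 3, "severity": pri & 7,
            "severity_name": SEVERITY_NAMES[pri & 7],
            "host": m.group("host"), "tag": m.group("tag"), "msg": m.group("msg")}

def suricata_messages_at_most(lines, max_severity):
    """Suricata GUI messages at severity max_severity or more urgent (lower number).
    Assumes the package prefixes its messages with '[Suricata]'."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["msg"].startswith("[Suricata]") and rec["severity"] <= max_severity:
            out.append(rec)
    return out

def severity_histogram(lines):
    """Count Suricata messages per severity name, e.g. to alert on a burst of LOG_ERR."""
    return Counter(r["severity_name"] for r in suricata_messages_at_most(lines, 7))
```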

@rbgarga
Member

rbgarga commented Jun 5, 2019

@bmeeks8 asked us to wait to hear from him before merging this PR

@bmeeks8
Contributor Author

bmeeks8 commented Jun 5, 2019

The matching Suricata binary package update this was waiting for is now posted in Pull Request 648. This request is clear for merging.

Thanks

@netgate-git-updates netgate-git-updates merged commit f0e553a into pfsense:devel Jun 5, 2019
@bmeeks8 bmeeks8 deleted the pfSense-pkg-suricata-4.1.4_2 branch June 5, 2019 21:06