pfSense-pkg-suricata-4.1.4_2 -- Add SEVERITY LEVEL to logs and miscellaneous bug fixes #647
pfSense-pkg-suricata v4.1.4_2
This update to the GUI package incorporates the use of the PHP syslog() function for logging both informational and error messages so that a SEVERITY_LEVEL flag can be associated with each message. This lets users sending the logs for automated analysis on remote systems parse log messages by Severity (LOG_ERR, LOG_ALERT, LOG_WARN or LOG_NOTICE). Formerly all Suricata log messages were logged with Severity LOG_ERR, even those that were merely informational in nature.
This update also includes two bug fixes.
Changes Log:
- Update the example Snort 2.9.x rules snapshot filename on the GLOBAL SETTINGS tab in the Snort Subscriber Rules section to the most recent Snort 2.9.x version.
- Add a warning under the Snort rules snapshot filename text box advising the user to not use Snort3 rules as they are incompatible with Suricata and will break the Suricata installation if installed.

New Features:

Bug Fixes:
- Fix display of Suricata and Barnyard2 status icons on the INTERFACES tab so that icons update properly when the underlying interface is a VLAN.
- On a package re-install, check for missing classification.config, reference.config or threshold.config files in each interface sub-directory and restore any missing files by copying in the *.config.sample equivalent. This prevents subsequent start-up errors for missing files. See Redmine Issues #9195 and #9202.
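On the receiving side, the severity described above arrives in the syslog `<PRI>` header, where PRI = facility * 8 + severity. The following is an added example, not code from this pull request or the package: it decodes that header and keeps only Suricata messages at or above a chosen severity. The sample lines, the `[Suricata]` tag, the facility and the function names are constructed assumptions.

```python
import re

# Standard syslog severity codes, most urgent first (0 = emerg ... 7 = debug).
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def parse_pri(line):
    """Return (facility, severity_name, rest), or None if the PRI header is invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    return pri >> 3, SEVERITY[pri & 7], m.group(2)


def filter_by_severity(lines, at_least="warning", tag="suricata"):
    """Keep messages containing `tag` whose severity is `at_least` or more urgent."""
    threshold = SEVERITY.index(at_least)
    kept = []
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            continue  # malformed frames are skipped, never treated as low severity
        _, sev, rest = parsed
        if tag in rest.lower() and SEVERITY.index(sev) <= threshold:
            kept.append((sev, rest))
    return kept


# Constructed sample frames (not real pfSense output); facility 1 (user) is assumed.
SAMPLE = [
    "<13>Jan  1 00:00:01 fw php-fpm[100]: [Suricata] Constructed notice message",
    "<11>Jan  1 00:00:02 fw php-fpm[100]: [Suricata] Constructed error message",
    "<12>Jan  1 00:00:03 fw php-fpm[100]: [Suricata] Constructed warning message",
    "<11>Jan  1 00:00:04 fw sshd[200]: Constructed unrelated error",
    "no PRI header here",
    "<999>out-of-range PRI",
]

if __name__ == "__main__":
    for sev, msg in filter_by_severity(SAMPLE):
        print(sev, msg)
```

Before this change every Suricata message carried severity `err`, so a threshold filter like this one could not separate informational messages from real errors.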