From: Andrea Venturoli
Date: Mon, 1 Aug 2022 19:52:19 +0200
Subject: Re: Snort3
To: BSD Devel, freebsd-ports@freebsd.org
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
Message-ID: <467cecb2-036d-a789-89a6-85b710d420e1@netfence.it>
In-Reply-To: <1659367314460.2568685022.2516369900@optimcloud.com>

On 8/1/22 17:22, BSD Devel wrote:

> I think the question is does anyone even use snort anymore?

I'd be interested to know the answer...
Is anyone here using it?

> i thought it was dead

Hmm...
Seems latest release is 4 days old (latest was from 14 days ago).
The port in our tree has already been updated.

Of course Snort 2 is probably dying in favour of Snort 3 (formerly Snort++), which is a very different product.
OTOH we don't have PulledPork 3 in the port tree (not sure if that is required or 0.7 will do).

> pretty sure everyone uses prelude ids now!

I'm inheriting some setups made by a person who is not working here anymore, so I'm probably still too ignorant on this matter (and I'm trying to catch up)...
That said, Snort and Prelude seem two different things to me (NIDS/IPS vs SIEM); in fact I found some tutorials to integrate the two.
If you think I'm wrong, I'm listening :)

bye & Thanks
av.