
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2016-04-13



Updated pfSense Client

Published: 2016-04-13
Last Updated: 2016-04-13 22:04:20 UTC
by Johannes Ullrich (Version: 1)

Earlier this week, pfSense 2.3 was released. The new release changed the name of a function I use in our pfSense log submission client, so the previous version of the client will fail to parse the logs. I just released a new version of the script, which you can download here:

https://isc.sans.edu/clients/dshieldpfsense.txt (GPG Signature: https://isc.sans.edu/clients/dshieldpfsense.txt.asc ).

If you would rather just apply the change to your existing file, find this line (it should be line 65):

$flent = parse_filter_line(trim($line));

and replace "filter" with "firewall_log":

$flent = parse_firewall_log_line(trim($line));

This should fix the issue. The new client checks which version you are running, so it will work with both 2.2 and 2.3 (but it has only been tested with 2.3 so far).
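The manual edit described above can also be scripted. This is an added example, not part of the ISC client; the function name `patch_dshield_client` and the file path in the usage comment are placeholders, and it assumes the only change needed is the rename shown above.

```shell
#!/bin/sh
# Added example: apply the parse_filter_line -> parse_firewall_log_line
# rename to an existing copy of the client, keeping a backup.
# Returns 0 if the file was patched or already uses the 2.3 name,
# 1 if the file is missing or the old call cannot be found.
patch_dshield_client() {
    file=$1
    old='parse_filter_line('
    new='parse_firewall_log_line('

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Already patched: do nothing, so running this twice is harmless.
    if grep -qF "$new" "$file" && ! grep -qF "$old" "$file"; then
        echo "$file already calls $new" >&2
        return 0
    fi

    # Refuse to touch a file that does not contain the expected call.
    grep -qF "$old" "$file" || { echo "$old not found in $file" >&2; return 1; }

    # Keep the original so the change can be reverted.
    cp -p "$file" "$file.bak" || return 1

    # Write to a temporary file rather than using sed -i, whose syntax
    # differs between BSD sed (pfSense) and GNU sed.
    tmp="$file.tmp.$$"
    if ! sed 's/parse_filter_line(/parse_firewall_log_line(/g' "$file" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # Copy the content back in place so owner and mode stay unchanged.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"

    # Show the patched line(s) with line numbers for a visual check.
    grep -nF "$new" "$file"
}

# Usage (placeholder path): patch_dshield_client /path/to/dshieldpfsense.php
```

If the result is not what you expect, restore the `.bak` copy and use the downloaded script instead.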

Please let me know if you have any problems! And thanks to those who reported the issue.

 

---
Johannes B. Ullrich, Ph.D.
