SNĒZ is a web interface to the popular open source IDS programs SNORT® and Suricata. It is written almost entirely in PHP, minimizing client and server software prerequisites. There is one simple configuration screen with only a handful of parameters to set. This allows for SNĒZ to be dropped onto an IDS server with a minimum number of installation steps and program requirements.
IDS output can be in unified2 or JSON format.
The main design feature of SNĒZ is the ability to filter alerts based on criteria set by, and documented by, a security analyst. Alerts are viewed and summarized in different ways, filtered, and documented until ideally no alerts remain. At any time, filters can be suppressed so that all collected alerts can be analyzed for patterns, forensics, etc.
Filters can also be used to hide noisy alerts without deleting them or suppressing them at the IDS. An effective strategy for dealing with noisy alerts can be achieved by combining alert thresholding at the IDS and filtering in SNEZ.
Basic security features include definition of regular analysts and administrators, an adjustable screen timeout, adjustable maximum sign-on attempts and lockout, and the ability to change passwords.
SNORT® is a registered trademark of Sourcefire, Inc. All rights reserved.
SNEZ 3.7.3 is a minor maintenance release:
- corrects install doc for use with Snort(c) 3.x
- uses correct path when checking if Snort(c) 3.x is running
- corrects an error with warn flag descriptions
SNEZ 3.7.4 is a minor maintenance release:
- corrects jsonreader extraneous lines
- corrects an error with warn flag descriptions if filters are suppressed
SNEZ 4.0 has been released, with the following goals in mind:
- shorten the testing window, providing for faster release of new code
- be less distro-dependent
- allow for better adherence to file hierarchy standards or special install requirements
- allow install on a device apart from the IDS/IPS platform (i.e., run on a dedicated machine or VM)
Some features have been removed:
- unified2 compatibility (third-party unified2 to JSON file conversion tools are available)
- Snort(c) 2.x compatibility (V3 has been released)
- FreeBSD compatibility (most but not all functions work with FreeBSD, but no testing)
- distro sensing during install (replaced with specifying paths/file owners on a new setup page)
- deb and rpm install options (these were experimental on SNEZ 3.x)
At this time SNEZ 3.7.x will continue to be the default download; however, all future development will be to SNEZ 4.0.
SNEZ 4.0 is now the default download.
If you still need processing of unified2 output, or Snort(c) 2.x compatibility, you need SNEZ 3.7.4, available here:
https://sourceforge.net/projects/snez/files/SNEZ%20v3%20downloads/SNEZ-3.7.4.tar.gz/download
Note: Each version has its own README file in the SNEZ v[x] Downloads folders.
Last edit: Gene Guinter 2021-08-28
SNEZ 4.1 is a minor maintenance release. Fixes:
- Filters are added with incorrect minutes in the timestamp
- Problem rotating IDS json output
- Others: see README for full list of fixes
Hotfix HF20211006 fixes problems with filter timestamps in version 3.7.x. Significant problems to SNEZ 3.7.x are now addressed through hotfixes only; no new releases. SNEZ 4.x is the current version.
SNEZ 4.2 was pushed out today to quickly address both an install problem with SNEZ 4.1 and a security issue:
- symlinks for json and archive utilities point to older or non-existent files after install or upgrade to SNEZ 4.1
- improper folder ownership/permissions could result in files being added (not altered) to the document root (currently no known vectors)
Hotfix HF20211010 fixes ownership/permissions in SNEZ 3.7.x (does not apply to SNEZ 4.x). Fixes: files in the SNEZ document root may be added or altered if SNEZ or the underlying system is otherwise compromised.
Two hotfixes released today. Both apply to SNEZ 4.x.
HF20241001 expands the interface field in the SNEZ config to 16 characters to be compatible with modern Linux kernels.
HF20241003 expands the alert classification field in the SNEZ database. Classifications were being truncated, which in some cases caused alerts not to be added to the SNEZ database.
Two more hotfixes were released today. All hotfixes are now in a Hotfix subfolder of 'SNEZ ver4 Downloads' in tar.gz format. A README file there describes all available hotfixes.
Also, HF20240101 has been revised and uploaded to correctly expand the 'interface' field everywhere. Reapply it to prevent truncation of the interface field in filters and in the database if your interface name is longer than 10 characters.
* Hotfix HF20241013 *
This fixes problems with the improper reporting of jsonstash up/down status.
Applies to SNEZ 4.2.
This fix is a complete replacement for the snezCheckProcess.php program.
* Hotfix HF20241014 *
This fixes jsonstash skipping over alerts whose descriptions contain single quotes, which threw an error on close and crashed on some distros/releases.
This also adds logging of alerts in the terminal window.
Applies to SNEZ 4.2.
This fix is a complete replacement for the jsonstash.php program.
Last edit: Gene Guinter 2024-10-18
SNEZ 4.3 was released today fixing several issues:
- truncated eth interface fields
- truncated alert classification field
- jsonstash skipping alerts containing embedded single quotes and sometimes crashing
- not properly reflecting jsonstash's up/down status on the summary screen
Additionally, a new program, SNEZlogger is introduced which serves as a simple console alert logger. It reads the json file and formats some basic alert info into a readable form. It can be run from the extracted tar.gz file with or without a full install of SNEZ. See the README.SNEZlogger file for more info.
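The two technical ideas on this page, analyst-documented filters that hide noisy alerts without deleting them and can be suppressed so every collected alert is visible again (see the project description), and a SNEZlogger-style console formatter that reads IDS JSON output and prints basic alert info, are shown together below as an added Python example. This is not SNEZ's own code (SNEZ is written in PHP) and not the SNEZlogger program; the EVE JSON records, filter definitions, analyst names and signature texts are constructed sample data. Field names follow Suricata's EVE alert layout (event_type, src_ip, alert.signature_id and so on). The sample input deliberately includes a non-alert record, a garbage line and a signature containing single quotes, the cases the changelog above mentions as having caused skipped or extraneous lines.

```python
import json

# Constructed sample EVE JSON lines (not real sensor output). Includes a "flow"
# record, a blank line and a non-JSON line that a reader must skip, plus one
# signature with single quotes, which must survive the whole pipeline.
SAMPLE_EVE_LINES = [json.dumps(e) for e in [
    {"timestamp": "2024-10-18T10:00:01.000000+0000", "event_type": "alert",
     "in_iface": "enp0s31f6", "src_ip": "10.0.0.5", "src_port": 51000,
     "dest_ip": "10.0.0.1", "dest_port": 53, "proto": "UDP",
     "alert": {"signature_id": 9000001, "signature": "TEST noisy DNS rule",
               "category": "Potentially Bad Traffic", "severity": 2}},
    {"timestamp": "2024-10-18T10:00:02.000000+0000", "event_type": "flow",
     "src_ip": "10.0.0.5", "dest_ip": "10.0.0.1", "proto": "UDP"},
    {"timestamp": "2024-10-18T10:00:03.000000+0000", "event_type": "alert",
     "in_iface": "enp0s31f6", "src_ip": "10.0.0.7", "src_port": 51001,
     "dest_ip": "10.0.0.1", "dest_port": 53, "proto": "UDP",
     "alert": {"signature_id": 9000001, "signature": "TEST noisy DNS rule",
               "category": "Potentially Bad Traffic", "severity": 2}},
    {"timestamp": "2024-10-18T10:00:04.000000+0000", "event_type": "alert",
     "in_iface": "enp0s31f6", "src_ip": "10.0.0.9", "src_port": 40000,
     "dest_ip": "192.0.2.10", "dest_port": 80, "proto": "TCP",
     "alert": {"signature_id": 9000002, "signature": "TEST benign scanner",
               "category": "Not Suspicious Traffic", "severity": 3}},
    {"timestamp": "2024-10-18T10:00:05.000000+0000", "event_type": "alert",
     "in_iface": "enp0s31f6", "src_ip": "10.0.0.9", "src_port": 40001,
     "dest_ip": "192.0.2.11", "dest_port": 443, "proto": "TCP",
     "alert": {"signature_id": 9000003, "signature": "TEST user-agent 'quoted' text",
               "category": "Attempted Information Leak", "severity": 1}},
]] + ["", "this line is not json"]

# Constructed filter definitions. Each filter is documented: who created it,
# why, and which field values it matches. All "match" values must be equal for
# the filter to apply (an AND of the listed criteria).
FILTERS = [
    {"id": 1, "analyst": "analyst1", "created": "2024-10-18",
     "reason": "Known-good DNS resolver at 10.0.0.5 trips this rule constantly",
     "match": {"signature_id": 9000001, "src_ip": "10.0.0.5"}},
    {"id": 2, "analyst": "analyst2", "created": "2024-10-18",
     "reason": "Category is informational only on this network",
     "match": {"category": "Not Suspicious Traffic"}},
]


def parse_eve(lines):
    """Return only the alert records, skipping blank, malformed and non-alert lines."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # extraneous/garbled line in the output file: skip, do not crash
        if event.get("event_type") != "alert" or "alert" not in event:
            continue
        alerts.append(event)
    return alerts


def field(alert, key):
    """Look a criterion up at the top level first, then inside the nested alert object."""
    if key in alert:
        return alert[key]
    return alert["alert"].get(key)


def matches(alert, flt):
    return all(field(alert, k) == v for k, v in flt["match"].items())


def apply_filters(alerts, filters, suppress_filters=False):
    """Split alerts into (kept, hidden). Hidden alerts are retained, paired with
    the id of the filter that hid them, so nothing is deleted. With
    suppress_filters=True every alert is kept, as when an analyst suppresses
    filters to review the full collection."""
    kept, hidden = [], []
    for alert in alerts:
        hit = None
        if not suppress_filters:
            hit = next((f for f in filters if matches(alert, f)), None)
        if hit is None:
            kept.append(alert)
        else:
            hidden.append((alert, hit["id"]))
    return kept, hidden


def format_alert(alert):
    """One readable console line per alert, in the spirit of a simple alert logger."""
    a = alert["alert"]
    return (f'{alert["timestamp"]} {alert.get("in_iface", "-")} {alert["proto"]} '
            f'{alert["src_ip"]}:{alert.get("src_port", "-")} -> '
            f'{alert["dest_ip"]}:{alert.get("dest_port", "-")} '
            f'[{a["signature_id"]}] sev={a["severity"]} {a["signature"]} ({a["category"]})')


if __name__ == "__main__":
    alerts = parse_eve(SAMPLE_EVE_LINES)
    kept, hidden = apply_filters(alerts, FILTERS)
    for alert in kept:
        print(format_alert(alert))
    for alert, fid in hidden:
        print(f"hidden by filter {fid}: {format_alert(alert)}")
```

The hidden list is what lets an analyst audit the filters later: each hidden alert still carries the id of the documented filter that matched it, and passing suppress_filters=True returns the full collection for pattern analysis. Thresholding at the IDS, which the description recommends combining with this, happens before these lines are ever written, so it reduces volume but cannot be audited here.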
Enjoy!
SNEZ 4.3.1 is an optional upgrade. It fixes a few minor documentation issues and updates copyright information. If you are already running 4.3, there is no need to update.
SNEZ v3 is being deprecated. Hotfixes will no longer be provided, and all files related to v3 will be deleted sometime after 6/1/2025. SNEZ v4 will be the only version receiving new releases, updates and fixes. Send questions or comments to gene@geneguinter.com
A new folder has been created for user-submitted recipes and other contributions, and I've added an excellent user-submitted recipe file for installing Suricata and SNEZ on AlmaLinux. While I have not personally tested the instructions, I feel the document is of significant value in helping someone set up an IDS system using SNEZ 4.3, describing some of the more difficult aspects and potential pitfalls perhaps better than I could. It also contains some good suggestions for improving SNEZ that I'll consider for a future release. I can't tell you how much I appreciate the contribution of the author.