From fa3c2e96911bef223f62ecb0f450495b677dab4f Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Mon, 15 Dec 2014 11:20:31 -0500
Subject: Update Snort package to 2.9.7.0 pkg v3.2

---
 config/snort/snort.inc                        |  85 +++++------
 config/snort/snort.priv.inc                   |   1 +
 config/snort/snort.xml                        |   9 +-
 config/snort/snort_check_cron_misc.inc        |  27 +++-
 config/snort/snort_check_for_rule_updates.php | 198 +++++++++++++++-----------
 config/snort/snort_conf_template.inc          |   3 -
 config/snort/snort_defs.inc                   | 101 +++++++++++++
 config/snort/snort_download_updates.php       |  77 +++++-----
 config/snort/snort_generate_conf.php          |  39 +++--
 config/snort/snort_interface_logs.php         |  18 ++-
 config/snort/snort_interfaces_edit.php        |   6 +
 config/snort/snort_interfaces_global.php      | 132 ++++++++++++-----
 config/snort/snort_ip_list_mgmt.php           |  37 +++--
 config/snort/snort_ip_reputation.php          |  14 +-
 config/snort/snort_log_mgmt.php               |  32 ++++-
 config/snort/snort_migrate_config.php         |  76 +++++++---
 config/snort/snort_post_install.php           |  31 +---
 config/snort/snort_preprocessors.php          | 150 ++++++++++++++-----
 config/snort/snort_rules.php                  |   9 +-
 config/snort/snort_sid_mgmt.php               |  11 +-
 20 files changed, 743 insertions(+), 313 deletions(-)
 create mode 100644 config/snort/snort_defs.inc

(limited to 'config')

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 5c113d27..ed1e64be 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -36,9 +36,8 @@ require_once("config.inc");
 require_once("functions.inc");
 require_once("service-utils.inc");
 require_once("pkg-utils.inc");
-
-// Needed on 2.0 because of filter_get_vpns_list()
 require_once("filter.inc");
+require("/usr/local/pkg/snort/snort_defs.inc");
 
 // Snort GUI needs some extra PHP memory space to manipulate large rules arrays
 ini_set("memory_limit", "256M");
@@ -48,47 +47,12 @@ global $g, $config, $rebuild_rules, $pfSense_snort_version;
 
 // Grab the Snort binary version programmatically, but if that fails use a safe default
 $snortver = array();
-exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
-
-/* Used to indicate latest version of this include file has been loaded */
-$pfSense_snort_version = "3.1.5";
+$snortbindir = SNORT_PBI_BINDIR;
+exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
 
 /* get installed package version for display */
 $snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}";
 
-// Define SNORTDIR and SNORTLIBDIR constants according to pfSense version
-$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pfs_version >= 2.2) {
-	define("SNORTDIR", "/usr/pbi/snort-" . php_uname("m") . "/local/etc/snort");
-	define("SNORTLIBDIR", "/usr/pbi/snort-" . php_uname("m") . "/local/lib/snort");
-}
-else {
-	define("SNORTDIR", "/usr/pbi/snort-" . php_uname("m") . "/etc/snort");
-	define("SNORTLIBDIR", "/usr/pbi/snort-" . php_uname("m") . "/lib/snort");
-}
-
-/* Define some useful constants for Snort */
-/* Be sure to include trailing slash on the URL defines */
-define("SNORTLOGDIR", "{$g['varlog_path']}/snort");
-define("SNORT_BIN_VERSION", "2.9.6.2");
-define("SNORT_ET_DNLD_FILENAME", "emerging.rules.tar.gz");
-define("SNORT_ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
-define("SNORT_GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
-define("SNORT_ENFORCING_RULES_FILENAME", "snort.rules");
-define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
-define("SNORT_IPREP_PATH", "{$g['vardb_path']}/snort/iprep/");
-define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");
-if (!defined("FLOWBITS_FILENAME"))
-	define("FLOWBITS_FILENAME", "flowbit-required.rules");
-if (!defined("VRT_FILE_PREFIX"))
-	define("VRT_FILE_PREFIX", "snort_");
-if (!defined("GPL_FILE_PREFIX"))
-	define("GPL_FILE_PREFIX", "GPLv2_");
-if (!defined("ET_OPEN_FILE_PREFIX"))
-	define("ET_OPEN_FILE_PREFIX", "emerging-");
-if (!defined("ET_PRO_FILE_PREFIX"))
-	define("ET_PRO_FILE_PREFIX", "etpro-");
-
 /* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */
 $rebuild_rules = false;
 
@@ -599,13 +563,14 @@ function snort_barnyard_start($snortcfg, $if_real, $background=FALSE) {
 	$snortdir = SNORTDIR;
 	$snortlogdir = SNORTLOGDIR;
 	$snort_uuid = $snortcfg['uuid'];
+	$snortbindir = SNORT_PBI_BINDIR;
 
 	if ($snortcfg['barnyard_enable'] == 'on' && !isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
 		log_error("[Snort] Barnyard2 START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
 		if ($background)
-			mwexec_bg("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
+			mwexec_bg("{$snortbindir}barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
 	else
-			mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
+			mwexec("{$snortbindir}barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
 	}
 }
 
@@ -615,13 +580,19 @@ function snort_start($snortcfg, $if_real, $background=FALSE) {
 	$snortdir = SNORTDIR;
 	$snortlogdir = SNORTLOGDIR;
 	$snort_uuid = $snortcfg['uuid'];
+	$snortbindir = SNORT_PBI_BINDIR;
+
+	if ($config['installedpackages']['snortglobal']['verbose_logging'] == "on")
+		$quiet = "";
+	else
+		$quiet = "-q --suppress-config-log";
 
 	if ($snortcfg['enable'] == 'on' && !isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
 		log_error("[Snort] Snort START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
 		if ($background)
-			mwexec_bg("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+			mwexec_bg("{$snortbindir}snort -R {$snort_uuid} -D {$quiet} -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
 		else
-			mwexec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+			mwexec("{$snortbindir}snort -R {$snort_uuid} -D {$quiet} -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
 		snort_barnyard_start($snortcfg, $if_real, $background);
 	}
 }
@@ -2735,11 +2706,12 @@ function snort_load_sid_mods($sids) {
 		if (preg_match('/(\d+)\s*:\s*(\d+)/', $v, $match)) {
 			if (!is_array($result[$match[1]]))
 				$result[$match[1]] = array();
+			if (!is_array($result[$match[1]][$match[2]]))
+				$result[$match[1]][$match[2]] = array();
 			$result[$match[1]][$match[2]] = "{$match[1]}:{$match[2]}";
 		}
 	}
 	unset($tmp);
-
 	return $result;
 }
 
@@ -2804,6 +2776,7 @@ function snort_create_rc() {
 
 	$snortdir = SNORTDIR;
 	$snortlogdir = SNORTLOGDIR;
+	$snortbindir = SNORT_PBI_BINDIR;
 	$rcdir = RCFILEPREFIX;	
 
 	$snortconf = $config['installedpackages']['snortglobal']['rule'];
@@ -2814,6 +2787,12 @@ function snort_create_rc() {
 		return;
 	}
 
+	// See whether or not to enable detailed startup logging
+	if ($config['installedpackages']['snortglobal']['verbose_logging'] == "on")
+		$quiet = "";
+	else
+		$quiet = "-q --suppress-config-log";
+
 	// At least one interface is configured, so OK
 	$start_snort_iface_start = array();
 	$start_snort_iface_stop = array();
@@ -2837,7 +2816,7 @@ function snort_create_rc() {
 	fi
 	if [ -z \$pid ]; then
 		/usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..."
-		/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q > /dev/null 2>&1
+		{$snortbindir}barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q > /dev/null 2>&1
 	fi
 EOE;
 		$stop_barnyard2 = <<<EOE
@@ -2888,7 +2867,7 @@ EOE;
 
 	if [ -z \$pid ]; then
 		/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..."
-		/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} > /dev/null 2>&1
+		{$snortbindir}snort -R {$snort_uuid} -D {$quiet} -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} > /dev/null 2>&1
 	fi
 
 	{$start_barnyard2}
@@ -3106,7 +3085,7 @@ function snort_deinstall() {
 	global $config, $g;
 
 	$snortdir = SNORTDIR;
-	$snortlibdir = SNORTLIBDIR;
+	$snortlibdir = "/usr/pbi/snort-" . php_uname("m") . "/lib";
 	$snortlogdir = SNORTLOGDIR;
 	$rcdir = RCFILEPREFIX;
 	$snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE;
@@ -3205,6 +3184,8 @@ function snort_deinstall() {
 		rmdir_recursive("/usr/local/www/snort");
 		rmdir_recursive("/usr/local/etc/snort");
 		rmdir_recursive("/usr/local/lib/snort");
+		rmdir_recursive("/usr/local/lib/snort_dynamicengine");
+		rmdir_recursive("/usr/local/lib/snort_dynamicpreprocessor");
 	}
 
 	/* Keep this as a last step */
@@ -3518,10 +3499,9 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa
 	 * Format of array is:                             *
 	 *    "rule_option" => "dependent_preprocessor"    *
 	 *                                                 *
-	 * Last Update: 04/05/2013                         *
+	 * Last Update: 10/30/2014                         *
 	 *                                                 *
-	 * Added: http_inspect content modifiers and       *
-	 *        various "service" metadata values.       *
+	 * Added: appid: detection option                  *
 	 *                                                 *
 	 ***************************************************/
 	$rule_opts_preprocs = array("ssl_version:" => "ssl_preproc","ssl_state:" => "ssl_preproc",
@@ -3544,7 +3524,8 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa
 				    "uricontent:" => "http_inspect", "urilen:" => "http_inspect",
 				    "http_encode;" => "http_inspect", "service http" => "http_inspect",
 				    "service imap" => "imap_preproc", "service pop2" => "pop_preproc",
-				    "service pop3" => "pop_preproc", "service smtp" => "smtp_preprocessor");
+				    "service pop3" => "pop_preproc", "service smtp" => "smtp_preprocessor", 
+				    "appid:" => "appid_preproc" );
 
 	/***************************************************
 	 * Iterate the enabled rules, and check for rule   *
@@ -3650,7 +3631,7 @@ function snort_generate_conf($snortcfg) {
 		return;
 
 	$snortdir = SNORTDIR;
-	$snortlibdir = SNORTLIBDIR;
+	$snortlibdir = SNORT_PBI_BASEDIR . "lib";
 	$snortlogdir = SNORTLOGDIR;
 	$flowbit_rules_file = FLOWBITS_FILENAME;
 	$snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME;
diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc
index 1af0e783..928ecb52 100644
--- a/config/snort/snort.priv.inc
+++ b/config/snort/snort.priv.inc
@@ -11,6 +11,7 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_barnyard.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_blocked.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_check_for_rule_updates.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_define_servers.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_defs.inc*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_download_rules.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_download_updates.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_edit_hat_data.php*";
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 91d42532..e8f8b5f2 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -46,8 +46,8 @@
 	<requirements>None</requirements>
 	<faq>Currently there are no FAQ items provided.</faq>
 	<name>Snort</name>
-	<version>2.9.6.2</version>
-	<title>Services:2.9.6.2 pkg v3.1.5</title>
+	<version>2.9.7.0</version>
+	<title>Services:2.9.7.0 pkg v3.2</title>
 	<include_file>/usr/local/pkg/snort/snort.inc</include_file>
 	<menu>
 		<name>Snort</name>
@@ -128,6 +128,11 @@
 		<chmod>077</chmod>
 		<item>https://packages.pfsense.org/packages/config/snort/snort_check_for_rule_updates.php</item>
 	</additional_files_needed>
+	<additional_files_needed>
+		<prefix>/usr/local/pkg/snort/</prefix>
+		<chmod>077</chmod>
+		<item>https://packages.pfsense.org/packages/config/snort/snort_defs.inc</item>
+	</additional_files_needed>
 	<additional_files_needed>
 		<prefix>/usr/local/www/snort/</prefix>
 		<chmod>077</chmod>
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index b39d8d1c..a2688b58 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -75,16 +75,21 @@ function snort_check_dir_size_limit($snortloglimitsize) {
 				@file_put_contents("{$snort_log_dir}/alert", "");
 			}
 
-			// Cleanup any rotated perfmon stats logs
+			// Cleanup any perfmon stats logs
 			$files = array();
 			$list = glob("{$snort_log_dir}/*");
 			foreach ($list as $file) {
-				if (preg_match('/(^\d{4}-\d{2}-\d{2}[\.]?[\d+]?)/', basename($file), $matches))
+				if (preg_match('/(^\d{4}-\d{2}-\d{2}[\.\d+]*)/', basename($file), $matches))
 					$files[] = $snort_log_dir . "/" . $matches[1];
 			}
 			foreach ($files as $file)
 				unlink_if_exists($file);
 
+			// Cleanup any AppID stats logs
+			$files = glob("{$snort_log_dir}/appid-stats.log.*");
+			foreach ($files as $file)
+				unlink_if_exists($file);
+
 			// This is needed if snort is run as snort user
 			mwexec('/bin/chmod 660 {$snort_log_dir}/*', true);
 
@@ -214,7 +219,7 @@ if ($config['installedpackages']['snortglobal']['enable_log_mgmt'] == 'on') {
 			$files = array();
 			$list = glob("{$snort_log_dir}/*");
 			foreach ($list as $file) {
-				if (preg_match('/(^\d{4}-\d{2}-\d{2}[\.]?[\d+]?)/', basename($file), $matches))
+				if (preg_match('/(^\d{4}-\d{2}-\d{2}[\.\d+]*)/', basename($file), $matches))
 					$files[] = $snort_log_dir . "/" . $matches[1];
 			}
 			$prune_count = 0;
@@ -228,6 +233,22 @@ if ($config['installedpackages']['snortglobal']['enable_log_mgmt'] == 'on') {
 			if ($prune_count > 0)
 				log_error(gettext("[Snort] perfmon stats logs cleanup job removed {$prune_count} file(s) from {$snort_log_dir}/..."));
 		}
+
+		// Prune any aged-out AppID stats logs if any exist
+		if ($value['appid_stats_log_retention'] > 0) {
+			$now = time();
+			$files = glob("{$snort_log_dir}/app-stats.log.*");
+			$prune_count = 0;
+			foreach ($files as $f) {
+				if (($now - filemtime($f)) > ($value['appid_stats_log_retention'] * 3600)) {
+					$prune_count++;
+					unlink_if_exists($f);
+				}
+			}
+			unset($files);
+			if ($prune_count > 0)
+				log_error(gettext("[Snort] AppID stats logs cleanup job removed {$prune_count} file(s) from {$snort_log_dir}/..."));
+		}
 	}
 }
 
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index edf99dc8..3106cb7b 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -32,46 +32,16 @@
 
 require_once("functions.inc");
 require_once("service-utils.inc");
-require_once "/usr/local/pkg/snort/snort.inc";
+require_once("/usr/local/pkg/snort/snort.inc");
+require("/usr/local/pkg/snort/snort_defs.inc");
 
 global $g, $config, $pkg_interface, $snort_gui_include, $rebuild_rules;
 
-if (!defined("VRT_DNLD_URL"))
-	define("VRT_DNLD_URL", "https://www.snort.org/rules/");
-if (!defined("SNORT_BIN_VERSION"))
-	define("SNORT_BIN_VERSION", "2.9.6.2");
-if (!defined("ET_VERSION"))
-	define("ET_VERSION", "2.9.0");
-if (!defined("ET_BASE_DNLD_URL"))
-	define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/"); 
-if (!defined("ETPRO_BASE_DNLD_URL"))
-	define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/"); 
-if (!defined("SNORT_ET_DNLD_FILENAME"))
-	define("SNORT_ET_DNLD_FILENAME", "emerging.rules.tar.gz");
-if (!defined("SNORT_ETPRO_DNLD_FILENAME"))
-	define("SNORT_ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
-if (!defined("SNORT_GPLV2_DNLD_FILENAME"))
-	define("SNORT_GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
-if (!defined("GPLV2_DNLD_URL"))
-	define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/");
-if (!defined("SNORT_RULES_UPD_LOGFILE"))
-	define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
-if (!defined("VRT_FILE_PREFIX"))
-	define("VRT_FILE_PREFIX", "snort_");
-if (!defined("GPL_FILE_PREFIX"))
-	define("GPL_FILE_PREFIX", "GPLv2_");
-if (!defined("ET_OPEN_FILE_PREFIX"))
-	define("ET_OPEN_FILE_PREFIX", "emerging-");
-if (!defined("ET_PRO_FILE_PREFIX"))
-	define("ET_PRO_FILE_PREFIX", "etpro-");
-if (!defined("SNORT_IPREP_PATH"))
-	define("SNORT_IPREP_PATH", "{$g['vardb_path']}/snort/iprep/");
-
 $snortdir = SNORTDIR;
-$snortlibdir = SNORTLIBDIR;
+$snortlibdir = "/usr/pbi/snort-" . php_uname("m") . "/lib";
 $snortlogdir = SNORTLOGDIR;
 $snortiprepdir = SNORT_IPREP_PATH;
-$snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE;
+$snortbindir = SNORT_PBI_BINDIR;
 $mounted_rw = FALSE;
 
 /* Save the state of $pkg_interface so we can restore it */
@@ -89,6 +59,7 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'
 $etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'on' ? 'on' : 'off';
 $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off';
 $vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off';
+$openappid_detectors = $config['installedpackages']['snortglobal']['openappid_detectors'] == 'on' ? 'on' : 'off';
 
 /* Working directory for downloaded rules tarballs and extraction */
 $tmpfname = "{$g['tmp_path']}/snort_rules_up";
@@ -97,7 +68,7 @@ $tmpfname = "{$g['tmp_path']}/snort_rules_up";
 /* the proper Snort VRT rules tarball and md5 filenames. Fallback to a    */
 /* default in the event we fail.                                          */
 $snortver = array();
-exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
+exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
 // Save the version with decimal delimiters for use in extracting the rules
 $snort_version = $snortver[0];
 if (empty($snort_version))
@@ -143,6 +114,11 @@ $snort_community_rules_filename = SNORT_GPLV2_DNLD_FILENAME;
 $snort_community_rules_filename_md5 = SNORT_GPLV2_DNLD_FILENAME . ".md5";
 $snort_community_rules_url = GPLV2_DNLD_URL;
 
+/* Snort OpenAppID detectors filename and URL */
+$snort_openappid_filename = SNORT_OPENAPPID_DNLD_FILENAME;
+$snort_openappid_filename_md5 = SNORT_OPENAPPID_DNLD_FILENAME . ".md5";
+$snort_openappid_url = SNORT_OPENAPPID_DNLD_URL;
+
 function snort_download_file_url($url, $file_out) {
 
 	/************************************************/
@@ -293,21 +269,21 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") {
 	/*           error occurred.                              */
 	/**********************************************************/
 
-	global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors;
+	global $pkg_interface, $last_curl_error, $update_errors;
 
 	$snortdir = SNORTDIR;
 	$filename_md5 = basename($file_dst);
 
 	if ($pkg_interface <> "console")
 		update_status(gettext("Downloading {$desc} md5 file..."));
-	error_log(gettext("\tDownloading {$desc} md5 file {$filename_md5}...\n"), 3, $snort_rules_upd_log);
+	error_log(gettext("\tDownloading {$desc} md5 file {$filename_md5}...\n"), 3, SNORT_RULES_UPD_LOGFILE);
 	$rc = snort_download_file_url($file_url, $file_dst);
 
 	// See if download from URL was successful
 	if ($rc === true) {
 		if ($pkg_interface <> "console")
 			update_status(gettext("Done downloading {$filename_md5}."));
-		error_log("\tChecking {$desc} md5 file...\n", 3, $snort_rules_upd_log);
+		error_log("\tChecking {$desc} md5 file...\n", 3, SNORT_RULES_UPD_LOGFILE);
 
 		// check md5 hash in new file against current file to see if new download is posted
 		if (file_exists("{$snortdir}/{$filename_md5}")) {
@@ -317,7 +293,7 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") {
 				if ($pkg_interface <> "console")
 					update_status(gettext("{$desc} are up to date..."));
 				log_error(gettext("[Snort] {$desc} are up to date..."));
-				error_log(gettext("\t{$desc} are up to date.\n"), 3, $snort_rules_upd_log);
+				error_log(gettext("\t{$desc} are up to date.\n"), 3, SNORT_RULES_UPD_LOGFILE);
 				return false;
 			}
 			else
@@ -326,7 +302,7 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") {
 		return true;
 	}
 	else {
-		error_log(gettext("\t{$desc} md5 download failed.\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\t{$desc} md5 download failed.\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		$snort_err_msg = gettext("Server returned error code {$rc}.");
 		if ($pkg_interface <> "console") {
 			update_status(gettext("{$desc} md5 error ... Server returned error code {$rc} ..."));
@@ -334,9 +310,9 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") {
 		}
 		log_error(gettext("[Snort] {$desc} md5 download failed..."));
 		log_error(gettext("[Snort] Server returned error code {$rc}..."));
-		error_log(gettext("\t{$snort_err_msg}\n"), 3, $snort_rules_upd_log);
-		error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log);
-		error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\t{$snort_err_msg}\n"), 3, SNORT_RULES_UPD_LOGFILE);
+		error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, SNORT_RULES_UPD_LOGFILE);
+		error_log(gettext("\t{$desc} will not be updated.\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		$update_errors = true;
 		return false;
 	}
@@ -361,7 +337,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
 	/*           FALSE if download was not successful.        */
 	/**********************************************************/
 
-	global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors;
+	global $pkg_interface, $last_curl_error, $update_errors;
 
 	$snortdir = SNORTDIR;
 	$filename = basename($file_dst);
@@ -369,8 +345,8 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
 	if ($pkg_interface <> "console")
 		update_status(gettext("There is a new set of {$desc} posted. Downloading..."));
 	log_error(gettext("[Snort] There is a new set of {$desc} posted. Downloading {$filename}..."));
-	error_log(gettext("\tThere is a new set of {$desc} posted.\n"), 3, $snort_rules_upd_log);
-	error_log(gettext("\tDownloading file '{$filename}'...\n"), 3, $snort_rules_upd_log);
+	error_log(gettext("\tThere is a new set of {$desc} posted.\n"), 3, SNORT_RULES_UPD_LOGFILE);
+	error_log(gettext("\tDownloading file '{$filename}'...\n"), 3, SNORT_RULES_UPD_LOGFILE);
        	$rc = snort_download_file_url($file_url, $file_dst);
 
 	// See if the download from the URL was successful
@@ -378,7 +354,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
 		if ($pkg_interface <> "console")
 			update_status(gettext("Done downloading {$desc} file."));
 		log_error("[Snort] {$desc} file update downloaded successfully");
-		error_log(gettext("\tDone downloading rules file.\n"),3, $snort_rules_upd_log);
+		error_log(gettext("\tDone downloading rules file.\n"),3, SNORT_RULES_UPD_LOGFILE);
 	
 		// Test integrity of the rules file.  Turn off update if file has wrong md5 hash
 		if ($file_md5 != trim(md5_file($file_dst))){
@@ -387,10 +363,10 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
 			log_error(gettext("[Snort] {$desc} file download failed.  Bad MD5 checksum..."));
         	        log_error(gettext("[Snort] Downloaded File MD5: " . md5_file($file_dst)));
 			log_error(gettext("[Snort] Expected File MD5: {$file_md5}"));
-			error_log(gettext("\t{$desc} file download failed.  Bad MD5 checksum.\n"), 3, $snort_rules_upd_log);
-			error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $snort_rules_upd_log);
-			error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $snort_rules_upd_log);
-			error_log(gettext("\t{$desc} file download failed.  {$desc} will not be updated.\n"), 3, $snort_rules_upd_log);
+			error_log(gettext("\t{$desc} file download failed.  Bad MD5 checksum.\n"), 3, SNORT_RULES_UPD_LOGFILE);
+			error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, SNORT_RULES_UPD_LOGFILE);
+			error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, SNORT_RULES_UPD_LOGFILE);
+			error_log(gettext("\t{$desc} file download failed.  {$desc} will not be updated.\n"), 3, SNORT_RULES_UPD_LOGFILE);
 			$update_errors = true;
 			return false;
 		}
@@ -400,9 +376,9 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
 		if ($pkg_interface <> "console")
 			update_output_window(gettext("{$desc} file download failed..."));
 		log_error(gettext("[Snort] {$desc} file download failed... server returned error '{$rc}'..."));
-		error_log(gettext("\t{$desc} file download failed.  Server returned error {$rc}.\n"), 3, $snort_rules_upd_log);
-		error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log);
-		error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\t{$desc} file download failed.  Server returned error {$rc}.\n"), 3, SNORT_RULES_UPD_LOGFILE);
+		error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, SNORT_RULES_UPD_LOGFILE);
+		error_log(gettext("\t{$desc} will not be updated.\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		$update_errors = true;
 		return false;
 	}
@@ -422,18 +398,18 @@ safe_mkdir("{$snortdir}/rules");
 safe_mkdir("{$snortdir}/signatures");
 safe_mkdir("{$snortdir}/preproc_rules");
 safe_mkdir("{$tmpfname}");
-safe_mkdir("{$snortlibdir}/dynamicrules");
+safe_mkdir("{$snortlibdir}/snort_dynamicrules");
 safe_mkdir("{$snortlogdir}");
 safe_mkdir("{$snortiprepdir}");
 
 /* See if we need to automatically clear the Update Log based on 1024K size limit */
-if (file_exists($snort_rules_upd_log)) {
-	if (1048576 < filesize($snort_rules_upd_log))
-		unlink_if_exists("{$snort_rules_upd_log}");
+if (file_exists(SNORT_RULES_UPD_LOGFILE)) {
+	if (1048576 < filesize(SNORT_RULES_UPD_LOGFILE))
+		unlink_if_exists("{SNORT_RULES_UPD_LOGFILE}");
 }
 
 /* Log start time for this rules update */
-error_log(gettext("Starting rules update...  Time: " . date("Y-m-d H:i:s") . "\n"), 3, $snort_rules_upd_log);
+error_log(gettext("Starting rules update...  Time: " . date("Y-m-d H:i:s") . "\n"), 3, SNORT_RULES_UPD_LOGFILE);
 $last_curl_error = "";
 $update_errors = false;
 
@@ -449,9 +425,22 @@ if ($snortdownload == 'on') {
 		$snortdownload = 'off';
 }
 
+/*  Check for and download any new Snort OpenAppID detectors */
+if ($openappid_detectors == 'on') {
+	if (snort_check_rule_md5("{$snort_openappid_url}{$snort_openappid_filename}/md5", "{$tmpfname}/{$snort_openappid_filename_md5}", "Snort OpenAppID detectors")) {
+		$file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_openappid_filename_md5}"));
+		file_put_contents("{$tmpfname}/{$snort_openappid_filename_md5}", $file_md5);
+		/* download snort-openappid file */
+		if (!snort_fetch_new_rules("{$snort_openappid_url}{$snort_openappid_filename}", "{$tmpfname}/{$snort_openappid_filename}", $file_md5, "Snort OpenAppID detectors"))
+			$openappid_detectors = 'off';
+	}
+	else
+		$openappid_detectors = 'off';
+}
+
 /*  Check for and download any new Snort GPLv2 Community Rules sigs */
 if ($snortcommunityrules == 'on') {
-	if (snort_check_rule_md5("{$snort_community_rules_url}{$snort_community_rules_filename_md5}", "{$tmpfname}/{$snort_community_rules_filename_md5}", "Snort GPLv2 Community Rules")) {
+	if (snort_check_rule_md5("{$snort_community_rules_url}{$snort_community_rules_filename}/md5", "{$tmpfname}/{$snort_community_rules_filename_md5}", "Snort GPLv2 Community Rules")) {
 		/* download Snort GPLv2 Community Rules file */
 		$file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}"));
 		if (!snort_fetch_new_rules("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}", $file_md5, "Snort GPLv2 Community Rules"))
@@ -492,7 +481,7 @@ if ($snortdownload == 'on') {
 			update_status(gettext("Extracting Snort VRT rules..."));
 			update_output_window(gettext("Installing Sourcefire VRT rules..."));
 		}
-		error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		/* extract snort.org rules and add VRT_FILE_PREFIX prefix to all snort.org files */
 		safe_mkdir("{$tmpfname}/snortrules");
 		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}/snortrules rules/");
@@ -507,7 +496,7 @@ if ($snortdownload == 'on') {
 			$newfile = basename($file);
 			@copy($file, "{$snortdir}/rules/{$newfile}");
 		}
-		exec("rm -r {$tmpfname}/snortrules");
+		rmdir_recursive("{$tmpfname}/snortrules");
 		/* Extract the Snort preprocessor rules */
 		if ($pkg_interface <> "console")
 			update_output_window(gettext("Extracting preprocessor rules files..."));
@@ -517,22 +506,21 @@ if ($snortdownload == 'on') {
 			$newfile = basename($file);
 			@copy($file, "{$snortdir}/preproc_rules/{$newfile}");
 		}
-		exec("rm -r {$tmpfname}/preproc_rules");
+		rmdir_recursive("{$tmpfname}/preproc_rules");
 		/* extract so rules */
 		if ($pkg_interface <> "console") {
 			update_status(gettext("Extracting Snort VRT Shared Objects rules..."));
 			update_output_window(gettext("Installing precompiled Shared Objects rules for {$freebsd_version_so}..."));
 		}
-		exec("/bin/mkdir -p {$snortlibdir}/dynamicrules/");
-		error_log(gettext("\tUsing Snort VRT precompiled SO rules for {$freebsd_version_so} ...\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tUsing Snort VRT precompiled SO rules for {$freebsd_version_so} ...\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		$snort_arch = php_uname("m");
 		$nosorules = false;
 		if ($snort_arch  == 'i386'){
 			exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/");
-			exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/*.so {$snortlibdir}/dynamicrules/");
+			exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/*.so {$snortlibdir}/snort_dynamicrules/");
 		} elseif ($snort_arch == 'amd64') {
 			exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/");
-			exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/dynamicrules/");
+			exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/snort_dynamicrules/");
 		} else
 			$nosorules = true;
 		rmdir_recursive("{$tmpfname}/so_rules/");
@@ -558,7 +546,7 @@ if ($snortdownload == 'on') {
 			if (file_exists("{$tmpfname}/etc/{$file}"))
 				@copy("{$tmpfname}/etc/{$file}", "{$tmpfname}/VRT_{$file}");
 		}
-		exec("rm -r {$tmpfname}/etc");
+		rmdir_recursive("{$tmpfname}/etc");
 		if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
 			if ($pkg_interface <> "console")
 				update_status(gettext("Copying md5 signature to snort directory..."));
@@ -568,7 +556,30 @@ if ($snortdownload == 'on') {
 			update_status(gettext("Extraction of Snort VRT rules completed..."));
 			update_output_window(gettext("Installation of Sourcefire VRT rules completed..."));
 		}
-		error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, SNORT_RULES_UPD_LOGFILE);
+	}
+}
+
+/* Untar Snort OpenAppID detectors file to SNORT_APPID_ODP_PATH */
+if ($openappid_detectors == 'on') {
+	// If we have a valid downloaded file, then first cleanup the old directory
+	if (file_exists("{$tmpfname}/{$snort_openappid_filename}")) {
+		$snort_openappid_path = SNORT_APPID_ODP_PATH;
+		rmdir_recursive("{$snort_openappid_path}odp");
+		error_log(gettext("\tExtracting and installing Snort OpenAppID detectors...\n"), 3, SNORT_RULES_UPD_LOGFILE);
+		safe_mkdir(SNORT_APPID_ODP_PATH);
+		exec("/usr/bin/tar oxzf {$tmpfname}/{$snort_openappid_filename} -C {$snort_openappid_path}");
+		if (file_exists("{$tmpfname}/{$snort_openappid_filename_md5}")) {
+			if ($pkg_interface <> "console")
+				update_status(gettext("Copying md5 signature to snort directory..."));
+			@copy("{$tmpfname}/{$snort_openappid_filename_md5}", "{$snortdir}/{$snort_openappid_filename_md5}");
+		}
+		if ($pkg_interface <> "console") {
+			update_status(gettext("Extraction of Snort OpenAppID detectors completed..."));
+			update_output_window(gettext("Installation of Snort OpenAppID detectors completed..."));
+		}
+		unlink_if_exists("{$tmpfname}/{$snort_openappid_filename}");
+		error_log(gettext("\tInstallation of Snort OpenAppID detectors completed.\n"), 3, SNORT_RULES_UPD_LOGFILE);
 	}
 }
 
@@ -580,7 +591,7 @@ if ($snortcommunityrules == 'on') {
 			update_status(gettext("Extracting Snort GPLv2 Community Rules..."));
 			update_output_window(gettext("Installing Snort GPLv2 Community Rules..."));
 		}
-		error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$tmpfname}/community/");
 
 		$files = glob("{$tmpfname}/community/community-rules/*.rules");
@@ -603,7 +614,7 @@ if ($snortcommunityrules == 'on') {
 			update_status(gettext("Extraction of Snort GPLv2 Community Rules completed..."));
 			update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed..."));
 		}
-		error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		rmdir_recursive("{$tmpfname}/community/");
 	}
 }
@@ -616,7 +627,7 @@ if ($emergingthreats == 'on') {
 			update_status(gettext("Extracting {$et_name} rules..."));
 			update_output_window(gettext("Installing {$et_name} rules..."));
 		}
-		error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname}/emerging rules/");
 
 		/* Remove the old Emerging Threats rules files */
@@ -664,7 +675,7 @@ if ($emergingthreats == 'on') {
 			update_status(gettext("Extraction of {$et_name} rules completed..."));
 			update_output_window(gettext("Installation of {$et_name} rules completed..."));
 		}
-		error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		rmdir_recursive("{$tmpfname}/emerging/");
 	}
 }
@@ -698,7 +709,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
 
 	if ($pkg_interface <> "console")
 		update_status(gettext('Copying new config and map files...'));
-	error_log(gettext("\tCopying new config and map files...\n"), 3, $snort_rules_upd_log);
+	error_log(gettext("\tCopying new config and map files...\n"), 3, SNORT_RULES_UPD_LOGFILE);
 
 	/******************************************************************/
 	/* Build the classification.config and reference.config files     */
@@ -757,8 +768,8 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
 				safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/rules");
 			if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/preproc_rules"))
 				safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/preproc_rules");
-			if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/dynamicpreprocessor"))
-				safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/dynamicpreprocessor");
+			if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/snort_dynamicpreprocessor"))
+				safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/snort_dynamicpreprocessor");
 
 			snort_apply_customizations($value, $if_real);
 
@@ -768,7 +779,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
 				$tmp .= gettext("\tPreprocessor text rules flagged as protected and not updated for ");
 				$tmp .= convert_friendly_interface_to_friendly_descr($value['interface']) . "...\n";
 			}
-			error_log($tmp, 3, $snort_rules_upd_log);
+			error_log($tmp, 3, SNORT_RULES_UPD_LOGFILE);
 		}
 	}
 	else {
@@ -776,7 +787,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
 		        update_output_window(gettext("Warning:  No interfaces configured for Snort were found..."));
 			update_output_window(gettext("No interfaces currently have Snort configured and enabled on them..."));
 		}
-		error_log(gettext("\tWarning:  No interfaces configured for Snort were found...\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tWarning:  No interfaces configured for Snort were found...\n"), 3, SNORT_RULES_UPD_LOGFILE);
 	}
 
 	/* Clear the rebuild rules flag.  */
@@ -788,7 +799,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
 			update_status(gettext('Restarting Snort to activate the new set of rules...'));
 			update_output_window(gettext("Please wait ... restarting Snort will take some time..."));
 		}
-		error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		touch("{$g['varrun_path']}/snort_pkg_starting.lck");
 		snort_restart_all_interfaces(TRUE);
 		sleep(3);
@@ -796,7 +807,32 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
 		if ($pkg_interface <> "console")
 		        update_output_window(gettext("Snort has restarted with your new set of rules..."));
        		log_error(gettext("[Snort] Snort has restarted with your new set of rules..."));
-		error_log(gettext("\tSnort has restarted with your new set of rules.\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tSnort has restarted with your new set of rules.\n"), 3, SNORT_RULES_UPD_LOGFILE);
+	}
+	else {
+		if ($pkg_interface <> "console")
+			update_output_window(gettext("The rules update task is complete..."));
+	}
+}
+elseif ($openappid_detectors == 'on') {
+	/**************************************************************************************/
+	/* Only updated OpenAppID detectors, so do not need to rebuild all interface rules.   */
+	/* Restart snort if running, and not in post-install, so as to pick up the detectors. */
+	/**************************************************************************************/
+       	if (!$g['snort_postinstall'] && is_service_running("snort") && count($config['installedpackages']['snortglobal']['rule']) > 0) {
+		if ($pkg_interface <> "console") {
+			update_status(gettext('Restarting Snort to activate the new OpenAppID detectors...'));
+			update_output_window(gettext("Please wait ... restarting Snort will take some time..."));
+		}
+		error_log(gettext("\tRestarting Snort to activate the new OpenAppID detectors...\n"), 3, SNORT_RULES_UPD_LOGFILE);
+		touch("{$g['varrun_path']}/snort_pkg_starting.lck");
+		snort_restart_all_interfaces(TRUE);
+		sleep(2);
+		unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck");
+		if ($pkg_interface <> "console")
+		        update_output_window(gettext("Snort has restarted with your new set of OpenAppID detectors..."));
+       		log_error(gettext("[Snort] Snort has restarted with your new set of OpenAppID detectors..."));
+		error_log(gettext("\tSnort has restarted with your new set of OpenAppID detectors.\n"), 3, SNORT_RULES_UPD_LOGFILE);
 	}
 	else {
 		if ($pkg_interface <> "console")
@@ -812,7 +848,7 @@ if (is_dir("{$tmpfname}")) {
 if ($pkg_interface <> "console")
 	update_status(gettext("The Rules update has finished..."));
 log_error(gettext("[Snort] The Rules update has finished."));
-error_log(gettext("The Rules update has finished.  Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $snort_rules_upd_log);
+error_log(gettext("The Rules update has finished.  Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, SNORT_RULES_UPD_LOGFILE);
 
 /* Remount filesystem read-only if we changed it in this module */
 if ($mounted_rw == TRUE)
diff --git a/config/snort/snort_conf_template.inc b/config/snort/snort_conf_template.inc
index e1b11acc..6b362ce5 100644
--- a/config/snort/snort_conf_template.inc
+++ b/config/snort/snort_conf_template.inc
@@ -24,9 +24,6 @@ var RULE_PATH {$snortcfgdir}/rules
 # Define Server Ports #
 {$portvardef}
 
-# Configure quiet startup mode #
-config quiet
-
 # Configure the snort decoder #
 config checksum_mode: {$cksumcheck}
 config disable_decode_alerts
diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc
new file mode 100644
index 00000000..aa4b2dc9
--- /dev/null
+++ b/config/snort/snort_defs.inc
@@ -0,0 +1,101 @@
+<?php
+/*
+ * snort_defs.inc
+ *
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009-2010 Robert Zelaya
+ * Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2013,2014 Bill Meeks
+ * part of pfSense
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+global $g, $config;
+
+/* Define some useful constants for Snort */
+if (!defined("SNORT_PBI_BASEDIR"))
+	define("SNORT_PBI_BASEDIR", "/usr/pbi/snort-" . php_uname("m") . "/");
+if (!defined("SNORT_PBI_BINDIR"))
+	define("SNORT_PBI_BINDIR", SNORT_PBI_BASEDIR . "bin/");
+if (!defined("SNORTDIR"))
+	define("SNORTDIR", SNORT_PBI_BASEDIR . "etc/snort");
+if (!defined("SNORTLOGDIR"))
+	define("SNORTLOGDIR", "{$g['varlog_path']}/snort");
+if (!defined("SNORT_BIN_VERSION")) {
+	// Grab the Snort binary version programmatically
+	$snortver = array();
+	$snortbindir = SNORT_PBI_BINDIR;
+	mwexec("{$snortbindir}/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
+	if (!empty($snortver[0]))
+		define("SNORT_BIN_VERSION", $snortver[0]);
+	else
+		define("SNORT_BIN_VERSION", "2.9.7.0");
+}
+if (!defined("SNORT_SID_MODS_PATH"))
+	define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");
+if (!defined("SNORT_IPREP_PATH"))
+	define("SNORT_IPREP_PATH", "{$g['vardb_path']}/snort/iprep/");
+if (!defined('SNORT_APPID_ODP_PATH'))
+	define('SNORT_APPID_ODP_PATH', "{$g['vardb_path']}/snort/app/");
+
+// Rules filenames, download URLs and prefixes.
+// Be sure to include the trailing backslash on URLs.
+if (!defined("SNORT_ENFORCING_RULES_FILENAME"))
+	define("SNORT_ENFORCING_RULES_FILENAME", "snort.rules");
+if (!defined("FLOWBITS_FILENAME"))
+	define("FLOWBITS_FILENAME", "flowbit-required.rules");
+if (!defined("SNORT_RULES_UPD_LOGFILE"))
+	define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
+if (!defined("VRT_DNLD_URL"))
+	define("VRT_DNLD_URL", "https://www.snort.org/rules/");
+if (!defined("ET_VERSION"))
+	define("ET_VERSION", "2.9.0");
+if (!defined("ET_BASE_DNLD_URL"))
+	define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/"); 
+if (!defined("ETPRO_BASE_DNLD_URL"))
+	define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/"); 
+if (!defined("SNORT_ET_DNLD_FILENAME"))
+	define("SNORT_ET_DNLD_FILENAME", "emerging.rules.tar.gz");
+if (!defined("SNORT_ETPRO_DNLD_FILENAME"))
+	define("SNORT_ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
+if (!defined("SNORT_GPLV2_DNLD_FILENAME"))
+	define("SNORT_GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
+if (!defined("GPLV2_DNLD_URL"))
+	define("GPLV2_DNLD_URL", "https://www.snort.org/downloads/community/");
+if (!defined("SNORT_OPENAPPID_DNLD_URL"))
+	define("SNORT_OPENAPPID_DNLD_URL", "https://www.snort.org/downloads/openappid/");
+if (!defined("SNORT_OPENAPPID_DNLD_FILENAME"))
+	define("SNORT_OPENAPPID_DNLD_FILENAME", "snort-openappid.tar.gz");
+if (!defined("SNORT_RULES_UPD_LOGFILE"))
+	define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
+if (!defined("VRT_FILE_PREFIX"))
+	define("VRT_FILE_PREFIX", "snort_");
+if (!defined("GPL_FILE_PREFIX"))
+	define("GPL_FILE_PREFIX", "GPLv2_");
+if (!defined("ET_OPEN_FILE_PREFIX"))
+	define("ET_OPEN_FILE_PREFIX", "emerging-");
+if (!defined("ET_PRO_FILE_PREFIX"))
+	define("ET_PRO_FILE_PREFIX", "etpro-");
+
+?>
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index e74a9ce6..3f34cb7e 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -39,24 +39,18 @@ require_once("/usr/local/pkg/snort/snort.inc");
 /* Define some locally required variables from Snort constants */
 $snortdir = SNORTDIR;
 $snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE;
+$snortbinver = SNORT_BIN_VERSION;
+$snortbinver = str_replace(".", "", $snortbinver);
 
-/* Grab the Snort binary version programmatically and */
-/* use it to construct the proper Snort VRT rules     */
-/* tarball filename.  Fallback to a safe default if   */
-/* we fail.                                           */
-$snortver = array();
-exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
-if (empty($snortver[0]))
-	$snortver[0] = SNORT_BIN_VERSION;
-$snortver[0] = str_replace(".", "", $snortver[0]);
-
-$snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz";
+$snort_rules_file = "snortrules-snapshot-{$snortbinver}.tar.gz";
 $snort_community_rules_filename = SNORT_GPLV2_DNLD_FILENAME;
+$snort_openappid_filename = SNORT_OPENAPPID_DNLD_FILENAME;
 
 $snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
 $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
 $etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
 $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+$openappid_detectors = $config['installedpackages']['snortglobal']['openappid_detectors'];
 
 /* Get last update information if available */
 if (!empty($config['installedpackages']['snortglobal']['last_rule_upd_time']))
@@ -70,21 +64,21 @@ else
 
 if ($etpro == "on") {
 	$emergingthreats_filename = SNORT_ETPRO_DNLD_FILENAME;
-	$et_name = "Emerging Threats Pro Rules";
+	$et_name = gettext("Emerging Threats Pro Rules");
 }
 else {
 	$emergingthreats_filename = SNORT_ET_DNLD_FILENAME;
-	$et_name = "Emerging Threats Open Rules";
+	$et_name = gettext("Emerging Threats Open Rules");
 }
 
 /* quick md5 chk of downloaded rules */
 if ($snortdownload == 'on') {
-	$snort_org_sig_chk_local = 'Not Downloaded';
-	$snort_org_sig_date = 'Not Downloaded';
+	$snort_org_sig_chk_local = gettext("Not Downloaded");
+	$snort_org_sig_date = gettext("Not Downloaded");
 }
 else {
-	$snort_org_sig_chk_local = 'Not Enabled';
-	$snort_org_sig_date = 'Not Enabled';
+	$snort_org_sig_chk_local = gettext("Not Enabled");
+	$snort_org_sig_date = gettext("Not Enabled");
 }
 if (file_exists("{$snortdir}/{$snort_rules_file}.md5") && $snortdownload == 'on') {
 	$snort_org_sig_chk_local = file_get_contents("{$snortdir}/{$snort_rules_file}.md5");
@@ -92,12 +86,12 @@ if (file_exists("{$snortdir}/{$snort_rules_file}.md5") && $snortdownload == 'on'
 }
 
 if ($etpro == "on" || $emergingthreats == "on") {
-	$emergingt_net_sig_chk_local = 'Not Downloaded';
-	$emergingt_net_sig_date = 'Not Downloaded';
+	$emergingt_net_sig_chk_local = gettext("Not Downloaded");
+	$emergingt_net_sig_date = gettext("Not Downloaded");
 }
 else {
-	$emergingt_net_sig_chk_local = 'Not Enabled';
-	$emergingt_net_sig_date = 'Not Enabled';
+	$emergingt_net_sig_chk_local = gettext("Not Enabled");
+	$emergingt_net_sig_date = gettext("Not Enabled");
 }
 if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5") && ($etpro == "on" || $emergingthreats == "on")) {
 	$emergingt_net_sig_chk_local = file_get_contents("{$snortdir}/{$emergingthreats_filename}.md5");
@@ -105,16 +99,29 @@ if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5") && ($etpro == "on
 }
 
 if ($snortcommunityrules == 'on') {
-	$snort_community_sig_chk_local = 'Not Downloaded';
-	$snort_community_sig_sig_date = 'Not Downloaded';
+	$snort_community_sig_chk_local = gettext("Not Downloaded");
+	$snort_community_sig_date = gettext("Not Downloaded");
 }
 else {
-	$snort_community_sig_chk_local = 'Not Enabled';
-	$snort_community_sig_sig_date = 'Not Enabled';
+	$snort_community_sig_chk_local = gettext("Not Enabled");
+	$snort_community_sig_date = gettext("Not Enabled");
 }
 if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5") && $snortcommunityrules == 'on') {
 	$snort_community_sig_chk_local = file_get_contents("{$snortdir}/{$snort_community_rules_filename}.md5");
-	$snort_community_sig_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_community_rules_filename}.md5"));
+	$snort_community_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_community_rules_filename}.md5"));
+}
+
+if ($openappid_detectors == 'on') {
+	$openappid_detectors_sig_chk_local = gettext("Not Downloaded");
+	$openappid_detectors_sig_date = gettext("Not Downloaded");
+}
+else {
+	$openappid_detectors_sig_chk_local = gettext("Not Enabled");
+	$openappid_detectors_sig_date = gettext("Not Enabled");
+}
+if (file_exists("{$snortdir}/{$snort_openappid_filename}.md5") && $openappid_detectors == 'on') {
+	$openappid_detectors_sig_chk_local = file_get_contents("{$snortdir}/{$snort_openappid_filename}.md5");
+	$openappid_detectors_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_openappid_filename}.md5"));
 }
 
 /* Check for postback to see if we should clear the update log file. */
@@ -122,7 +129,7 @@ if (isset($_POST['clear'])) {
 	unlink_if_exists($snort_rules_upd_log);
 }
 
-if (isset($_POST['check'])) {
+if (isset($_POST['update'])) {
 	header("Location: /snort/snort_download_rules.php");
 	exit;
 }
@@ -135,6 +142,7 @@ if ($_POST['force']) {
 	unlink_if_exists("{$snortdir}/{$emergingthreats_filename}.md5");
 	unlink_if_exists("{$snortdir}/{$snort_community_rules_filename}.md5");
 	unlink_if_exists("{$snortdir}/{$snort_rules_file}.md5");
+	unlink_if_exists("{$snortdir}/{$snort_openappid_filename}.md5");
 
 	// Revert file system to R/O.
 	conf_mount_ro();
@@ -204,20 +212,25 @@ include_once("head.inc");
 						</tr>
 					</thead>
 					<tr>
-						<td align="center" class="vncell vexpl"><b>Snort VRT Rules</b></td>
+						<td align="center" class="vncell vexpl"><b><?=gettext("Snort VRT Rules");?></b></td>
 						<td align="center" class="vncell vexpl"><? echo trim($snort_org_sig_chk_local);?></td>
 						<td align="center" class="vncell vexpl"><?php echo gettext($snort_org_sig_date);?></td>
 					</tr>
 					<tr>
-						<td align="center" class="vncell vexpl"><b>Snort GPLv2 Community Rules</b></td>
+						<td align="center" class="vncell vexpl"><b><?=gettext("Snort GPLv2 Community Rules");?></b></td>
 						<td align="center" class="vncell vexpl"><? echo trim($snort_community_sig_chk_local);?></td>
-						<td align="center" class="vncell vexpl"><?php echo gettext($snort_community_sig_sig_date);?></td>
+						<td align="center" class="vncell vexpl"><?php echo gettext($snort_community_sig_date);?></td>
 					</tr>
 					<tr>
 						<td align="center" class="vncell vexpl"><b><?=$et_name;?></b></td>
 						<td align="center" class="vncell vexpl"><? echo trim($emergingt_net_sig_chk_local);?></td>
 						<td align="center" class="vncell vexpl"><?php echo gettext($emergingt_net_sig_date);?></td>
 					</tr>
+					<tr>
+						<td align="center" class="vncell vexpl"><b><?=gettext("Snort OpenAppID Detectors");?></b></td>
+						<td align="center" class="vncell vexpl"><? echo trim($openappid_detectors_sig_chk_local);?></td>
+						<td align="center" class="vncell vexpl"><?php echo gettext($openappid_detectors_sig_date);?></td>
+					</tr>
 				</table><br/>
 				</td>
 			</tr>
@@ -253,8 +266,8 @@ include_once("head.inc");
 						<br/></p>
 					<?php else: ?>
 						<br/>
-						<input type="submit" value="<?=gettext("Check");?>" name="check" id="check" class="formbtn" 
-						title="<?php echo gettext("Check for new updates to enabled rule sets"); ?>"/>&nbsp;&nbsp;&nbsp;&nbsp;
+						<input type="submit" value="<?=gettext("Update");?>" name="update" id="update" class="formbtn" 
+						title="<?php echo gettext("Check for and apply new update to enabled rule sets"); ?>"/>&nbsp;&nbsp;&nbsp;&nbsp;
 						<input type="submit" value="<?=gettext("Force");?>" name="force" id="force" class="formbtn" 
 						title="<?=gettext("Force an update of all enabled rule sets");?>" 
 						onclick="return confirm('<?=gettext("This will zero-out the MD5 hashes to force a fresh download of enabled rule sets.  Click OK to continue or CANCEL to quit");?>');"/>
diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php
index fb5c750f..1d56fc13 100644
--- a/config/snort/snort_generate_conf.php
+++ b/config/snort/snort_generate_conf.php
@@ -64,9 +64,9 @@ $snort_dirs = array( $snortdir, $snortcfgdir, "{$snortcfgdir}/rules",
 	"{$snortlogdir}/snort_{$if_real}{$snort_uuid}",
 	"{$snortlogdir}/snort_{$if_real}{$snort_uuid}/barnyard2", 
 	"{$snortcfgdir}/preproc_rules", 
-	"dynamicrules" => "{$snortlibdir}/dynamicrules",
-	"dynamicengine" => "{$snortlibdir}/dynamicengine",
-	"dynamicpreprocessor" => "{$snortcfgdir}/dynamicpreprocessor"
+	"dynamicrules" => "{$snortlibdir}/snort_dynamicrules",
+	"dynamicengine" => "{$snortlibdir}/snort_dynamicengine",
+	"dynamicpreprocessor" => "{$snortcfgdir}/snort_dynamicpreprocessor"
 );
 foreach ($snort_dirs as $dir) {
 	if (!is_dir($dir))
@@ -82,7 +82,7 @@ foreach ($snort_dirs as $dir) {
 /* put in place by the rules update process.                        */
 /********************************************************************/
 $snort_files = array("gen-msg.map", "classification.config", "reference.config", "attribute_table.dtd", 
-		"sid-msg.map", "unicode.map", "threshold.conf", "preproc_rules/preprocessor.rules",
+		"sid-msg.map", "unicode.map", "file_magic.conf", "threshold.conf", "preproc_rules/preprocessor.rules",
 		"preproc_rules/decoder.rules", "preproc_rules/sensitive-data.rules"
 	);
 foreach ($snort_files as $file) {
@@ -126,6 +126,10 @@ if ($snortcfg['barnyard_enable'] == "on") {
 		$snortunifiedlog_type .= ", vlan_event_types";
 	if ($snortcfg['barnyard_log_mpls_events'] == 'on')
 		$snortunifiedlog_type .= ", mpls_event_types";
+
+	// If AppID detector is enabled, add it to unified2 logging
+	if ($snortcfg['appid_preproc'] == 'on' )
+		$snortunifiedlog_type .= ", appid_event_types";
 }
 
 /* define spoink */
@@ -889,6 +893,23 @@ preprocessor reputation: \
 
 EOD;
 
+/* def AppID preprocessor */
+$appid_memcap = $snortcfg['sf_appid_mem_cap'] * 1024 * 1024;
+$appid_params = "app_detector_dir " . SNORT_APPID_ODP_PATH . ", \\\n\tmemcap {$appid_memcap}";
+if ($snortcfg['sf_appid_statslog'] == "on") {
+	$appid_params .= ", \\\n\tapp_stats_filename app-stats.log";
+	$appid_params .= ", \\\n\tapp_stats_period {$snortcfg['sf_appid_stats_period']}";
+	$appid_params .= ", \\\n\tapp_stats_rollover_size " . strval($config['installedpackages']['snortglobal']['appid_stats_log_limit_size'] * 1024);
+	$appid_params .= ", \\\n\tapp_stats_rollover_time 86400";
+}
+
+$appid_preproc = <<<EOD
+# AppID preprocessor #
+preprocessor appid: \
+	{$appid_params}
+
+EOD;
+
 /***************************************/
 /* end of preprocessor string var code */
 /***************************************/
@@ -920,14 +941,14 @@ $snort_preproc_libs = array(
 	"dce_rpc_2" => "dce2_preproc", "dns_preprocessor" => "dns_preproc", "ftp_preprocessor" => "ftptelnet_preproc", "imap_preproc" => "imap_preproc",
 	"pop_preproc" => "pop_preproc", "reputation_preproc" => "reputation_preproc", "sensitive_data" => "sdf_preproc", 
 	"sip_preproc" => "sip_preproc", "gtp_preproc" => "gtp_preproc", "smtp_preprocessor" => "smtp_preproc", "ssh_preproc" => "ssh_preproc", 
-	"ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc"
+	"ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc", "appid_preproc" => "appid_preproc"
 );
 $snort_preproc = array (
 	"perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan", 
-	"dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc"
+	"dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "appid_preproc"
 );
 $default_disabled_preprocs = array(
-	"sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat" 
+	"sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat", "appid_preproc"
 );
 $snort_preprocessors = "";
 foreach ($snort_preproc as $preproc) {
@@ -941,8 +962,8 @@ foreach ($snort_preproc as $preproc) {
 		if (!empty($snort_preproc_libs[$preproc])) {
 			$preproclib = "libsf_" . $snort_preproc_libs[$preproc];
 			if (!file_exists($snort_dirs['dynamicpreprocessor'] . "{$preproclib}.so")) {
-				if (file_exists("{$snortlibdir}/dynamicpreprocessor/{$preproclib}.so")) {
-					@copy("{$snortlibdir}/dynamicpreprocessor/{$preproclib}.so", "{$snort_dirs['dynamicpreprocessor']}/{$preproclib}.so");
+				if (file_exists("{$snortlibdir}/snort_dynamicpreprocessor/{$preproclib}.so")) {
+					@copy("{$snortlibdir}/snort_dynamicpreprocessor/{$preproclib}.so", "{$snort_dirs['dynamicpreprocessor']}/{$preproclib}.so");
 					$snort_preprocessors .= $$preproc;
 					$snort_preprocessors .= "\n";
 				} else
diff --git a/config/snort/snort_interface_logs.php b/config/snort/snort_interface_logs.php
index ba8215ca..c8c4c24c 100644
--- a/config/snort/snort_interface_logs.php
+++ b/config/snort/snort_interface_logs.php
@@ -54,15 +54,29 @@ $if_real = get_real_interface($a_instance[$id]['interface']);
 // Construct a pointer to the instance's logging subdirectory
 $snortlogdir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}/";
 
+// Construct a pointer to the PBI_BIN directory
+$snortbindir = SNORT_PBI_BINDIR;
+
 // Limit all file access to just the currently selected interface's logging subdirectory
 $logfile = htmlspecialchars($snortlogdir . basename($_POST['file']));
 
 if ($_POST['action'] == 'load') {
+	// If viewing the app-stats log, then grab only the most recent one
+	if (strpos(basename($logfile), "app-stats.log") !== FALSE) {
+		$appid_statlogs = glob("{$snortlogdir}app-stats.log.*");
+		$logfile = array_pop($appid_statlogs);
+	}
+
 	if(!is_file($logfile)) {
 		echo "|3|" . gettext("Log file does not exist or that logging feature is not enabled") . ".|";
 	}
 	else {
-		$data = file_get_contents($logfile);
+		// Test for special unified2 format app-stats file because
+		// we have to use a Snort binary tool to display its contents.
+		if (strpos(basename($_POST['file']), "app-stats.log") !== FALSE)
+			$data = shell_exec("{$snortbindir}u2openappid {$logfile} 2>&1");
+		else 
+			$data = file_get_contents($logfile);
 		if($data === false) {
 			echo "|1|" . gettext("Failed to read log file") . ".|";
 		} else {
@@ -178,7 +192,7 @@ if ($input_errors) {
 				<td width="78%" class="vtable">
 					<select name="logFile" id="logFile" class="formselect" onChange="loadFile();">
 			<?php
-				$logs = array( "alert", "{$if_real}.stats" , "sid_changes.log" );
+				$logs = array( "alert", "app-stats.log", "{$if_real}.stats" , "sid_changes.log" );
 				foreach ($logs as $log) {
 					$selected = "";
 					if ($log == basename($logfile))
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 14b54b34..0d41c7db 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -365,9 +365,15 @@ if ($_POST["save"] && !$input_errors) {
 			if (!is_array($natent['stream5_tcp_engine']['item']))
 				$natent['stream5_tcp_engine']['item'] = array();
 			$natent['stream5_tcp_engine']['item'][] = $stream5_eng;
+
 			$natent['alertsystemlog_facility'] = "log_auth";
 			$natent['alertsystemlog_priority'] = "log_alert";
 
+			$natent['appid_preproc'] = "off";
+			$natent['sf_appid_mem_cap'] = "256";
+			$natent['sf_appid_statslog'] = "on";
+			$natent['sf_appid_stats_period'] = "300";
+
 			$a_rule[] = $natent;
 		}
 
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index fb36d192..d816284a 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -41,19 +41,26 @@ require_once("/usr/local/pkg/snort/snort.inc");
 global $g;
 
 $snortdir = SNORTDIR;
-
-/* make things short  */
-$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'] == "on" ? 'on' : 'off';
-$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
-$pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code'];
-$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'] == "on" ? 'on' : 'off';
-$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == "on" ? 'on' : 'off';
-$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
-$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7'];
-$pconfig['rule_update_starttime'] = $config['installedpackages']['snortglobal']['rule_update_starttime'];
-$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'] == "on" ? 'on' : 'off';
-$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'] == "on" ? 'on' : 'off';
-$pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off';
+$snort_openappdir = SNORT_APPID_ODP_PATH;
+
+// Grab any previous input values if doing a SAVE operation
+if ($_POST['save'])
+	$pconfig = $_POST;
+else {
+	$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'] == "on" ? 'on' : 'off';
+	$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
+	$pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code'];
+	$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'] == "on" ? 'on' : 'off';
+	$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == "on" ? 'on' : 'off';
+	$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
+	$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+	$pconfig['rule_update_starttime'] = $config['installedpackages']['snortglobal']['rule_update_starttime'];
+	$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'] == "on" ? 'on' : 'off';
+	$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'] == "on" ? 'on' : 'off';
+	$pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off';
+	$pconfig['verbose_logging'] = $config['installedpackages']['snortglobal']['verbose_logging'] == "on" ? 'on' : 'off';
+	$pconfig['openappid_detectors'] = $config['installedpackages']['snortglobal']['openappid_detectors'] == "on" ? 'on' : 'off';
+}
 
 /* Set sensible values for any empty default params */
 if (!isset($pconfig['rule_update_starttime']))
@@ -61,6 +68,16 @@ if (!isset($pconfig['rule_update_starttime']))
 if (!isset($config['installedpackages']['snortglobal']['forcekeepsettings']))
 	$pconfig['forcekeepsettings'] = 'on';
 
+/* Grab OpenAppID version info if enabled and downloaded */
+if ($pconfig['openappid_detectors'] == "on") {
+	if (file_exists("{$snort_openappdir}odp/version.conf")) {
+		$openappid_ver = gettext("Installed Detection Package ");
+		$openappid_ver .= gettext(ucfirst(strtolower(file_get_contents("{$snort_openappdir}odp/version.conf"))));
+	}
+	else
+		$openappid_ver = gettext("N/A (Not Downloaded)");
+}
+
 if ($_POST['rule_update_starttime']) {
 	if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['rule_update_starttime']))
 		$input_errors[] = "Invalid Rule Update Start Time!  Please supply a value in 24-hour format as 'HH:MM'.";
@@ -72,6 +89,9 @@ if ($_POST['snortdownload'] == "on" && empty($_POST['oinkmastercode']))
 if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code']))
 		$input_errors[] = "You must supply a subscription code in the box provided in order to enable Emerging Threats Pro rules!";
 
+if ($_POST['openappid_detectors'] == "on" && empty($_POST['openappid_dnload_url']))
+		$input_errors[] = "You must supply a download URL in the box provided in order to enable OpenAppID detectors!";
+
 /* if no errors move foward with save */
 if (!$input_errors) {
 	if ($_POST["save"]) {
@@ -81,6 +101,8 @@ if (!$input_errors) {
 		$config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
 		$config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off';
 		$config['installedpackages']['snortglobal']['clearblocks'] = $_POST['clearblocks'] ? 'on' : 'off';
+		$config['installedpackages']['snortglobal']['verbose_logging'] = $_POST['verbose_logging'] ? 'on' : 'off';
+		$config['installedpackages']['snortglobal']['openappid_detectors'] = $_POST['openappid_detectors'] ? 'on' : 'off';
 
 		// If any rule sets are being turned off, then remove them
 		// from the active rules section of each interface.  Start
@@ -137,13 +159,13 @@ if (!$input_errors) {
 
 		$retval = 0;
 
+		write_config("Snort pkg: modified global settings.");
+
 		/* create whitelist and homenet file, then sync files */
 		conf_mount_rw();
 		sync_snort_package_config();
 		conf_mount_ro();
 
-		write_config("Snort pkg: modified global settings.");
-
 		/* forces page to reload new settings */
 		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
 		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -206,7 +228,7 @@ if ($input_errors)
 		<table width="100%" border="0" cellpadding="2" cellspacing="0">
 		<tr>
 			<td><input name="snortdownload" type="checkbox" id="snortdownload" value="on" onclick="enable_snort_vrt();" 
-			<?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>></td>
+			<?php if($pconfig['snortdownload']=='on') echo 'checked'; ?> /></td>
 			<td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td>
 		<tr>
 			<td>&nbsp;</td>
@@ -224,9 +246,9 @@ if ($input_errors)
 		</tr>
 		<tr>
 			<td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
-			<td><input name="oinkmastercode" type="text"
-				class="formfld unknown" id="oinkmastercode" size="52"
-				value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br/>
+			<td><input name="oinkmastercode" type="text" 
+				class="formfld unknown" id="oinkmastercode" size="52" 
+				value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>" /><br/>
 			<?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td>
 		</tr>
 		</table>
@@ -236,8 +258,8 @@ if ($input_errors)
 	<td width="78%" class="vtable">
 		<table width="100%" border="0" cellpadding="2" cellspacing="0">
 			<tr>
-				<td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on"
-				<?php if ($config['installedpackages']['snortglobal']['snortcommunityrules']=="on") echo "checked";?> ></td>
+				<td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on" 
+				<?php if ($pconfig['snortcommunityrules']=="on") echo "checked";?> /></td>
 				<td class="vexpl"><?php echo gettext("The Snort Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge " . 
 				"without any VRT License restrictions.  This ruleset is updated daily and is a subset of the subscriber ruleset.");?>
 				<br/><br/><?php echo "<span class=\"red\"><strong>" . gettext("Note:  ") . "</strong></span>" . 
@@ -252,13 +274,13 @@ if ($input_errors)
 		<table width="100%" border="0" cellpadding="2" cellspacing="0">
 			<tr>
 				<td valign="top" width="8%"><input name="emergingthreats" type="checkbox" value="on" onclick="enable_et_rules();" 
-				<?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>></td>
+				<?php if ($pconfig['emergingthreats']=="on") echo "checked"; ?> /></td>
 				<td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " .
 				"is more limited than ETPro."); ?></span></td>
 			</tr>
 			<tr>
 				<td valign="top" width="8%"><input name="emergingthreats_pro" type="checkbox" value="on" onclick="enable_etpro_rules();" 
-				<?php if ($config['installedpackages']['snortglobal']['emergingthreats_pro']=="on") echo "checked"; ?>></td>
+				<?php if ($pconfig['emergingthreats_pro']=="on") echo "checked"; ?>/></td>
 				<td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td>
 			</tr>
 		<tr>
@@ -282,13 +304,38 @@ if ($input_errors)
 			<td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
 			<td><input name="etpro_code" type="text"
 				class="formfld unknown" id="etpro_code" size="52"
-				value="<?=htmlspecialchars($pconfig['etpro_code']);?>"><br/>
+				value="<?=htmlspecialchars($pconfig['etpro_code']);?>"/><br/>
 			<?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td>
 		</tr>
 		</table>
 	</td>
 </tr>
-
+<tr>
+	<td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("OpenAppID") . "</strong>" . gettext(" detectors");?></td>
+	<td width="78%" class="vtable">
+		<table width="100%" border="0" cellpadding="2" cellspacing="0">
+			<tr>
+				<td valign="top" width="8%"><input name="openappid_detectors" type="checkbox" value="on" onclick="enable_openappid_dnload();" 
+				<?php if ($pconfig['openappid_detectors']=="on") echo "checked";?> /></td>
+				<td class="vexpl"><?php echo gettext("The OpenAppID package contains the application signatures required by " . 
+				"the AppID preprocessor.");?>
+				<br/><br/><?php echo "<span class=\"red\"><strong>" . gettext("Note:  ") . "</strong></span>" . 
+				gettext("You must enable download of the OpenAppID detectors package in order to utilize the Application ID ") . 
+				gettext("preprocessor and any user-provided application detection rules.  Once enabled, go to the ") . 
+				"<a href='/snort/snort_download_updates.php'>" . gettext("UPDATES") . "</a>" . gettext(" tab and click to download updates.");?></td>
+			</tr>
+			<tbody id="openappid_rows">
+			<tr>
+				<td class="vexpl" colspan="2"><br/><strong><?=gettext("OpenAppID Detection Package");?></strong></td>
+			</tr>
+			<tr>
+				<td class="vexpl" valign="top"><strong><?=gettext("VER:");?></strong></td>
+				<td class="vexpl"><?=htmlspecialchars($openappid_ver);?></td>
+			</tr>
+			</tbody>
+		</table>
+	</td>
+</tr>
 <tr>
 	<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Rules Update Settings"); ?></td>
 </tr>
@@ -300,7 +347,7 @@ if ($input_errors)
 		$interfaces3 = array('never_up' => gettext('NEVER'), '6h_up' => gettext('6 HOURS'), '12h_up' => gettext('12 HOURS'), '1d_up' => gettext('1 DAY'), '4d_up' => gettext('4 DAYS'), '7d_up' => gettext('7 DAYS'), '28d_up' => gettext('28 DAYS'));
 		foreach ($interfaces3 as $iface3 => $ifacename3): ?>
 		<option value="<?=$iface3;?>"
-		<?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>>
+		<?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?> />
 			<?=htmlspecialchars($ifacename3);?></option>
 			<?php endforeach; ?>
 	</select><span class="vexpl">&nbsp;&nbsp;<?php echo gettext("Please select the interval for rule updates. Choosing ") . 
@@ -310,7 +357,7 @@ if ($input_errors)
 <tr>
 	<td width="22%" valign="top" class="vncell"><?php echo gettext("Update Start Time"); ?></td>
 	<td width="78%" class="vtable"><input type="text" class="formfld time" name="rule_update_starttime" id="rule_update_starttime" size="4" 
-	maxlength="5" value="<?=htmlspecialchars($pconfig['rule_update_starttime']);?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl">&nbsp;&nbsp;
+	maxlength="5" value="<?=htmlspecialchars($pconfig['rule_update_starttime']);?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?> /><span class="vexpl">&nbsp;&nbsp;
 	<?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). ") . "<strong>" . 
 	gettext("Default") . "&nbsp;</strong>" . gettext("is ") . "<strong>" . gettext("00:05") . "</strong></span>"; ?>.<br/><br/>
 	<?php echo gettext("Rules will update at the interval chosen above starting at the time specified here. For example, using the default " . 
@@ -327,7 +374,7 @@ if ($input_errors)
 		$interfaces3 = array('never_b' => gettext('NEVER'), '15m_b' => gettext('15 MINS'), '30m_b' => gettext('30 MINS'), '1h_b' => gettext('1 HOUR'), '3h_b' => gettext('3 HOURS'), '6h_b' => gettext('6 HOURS'), '12h_b' => gettext('12 HOURS'), '1d_b' => gettext('1 DAY'), '4d_b' => gettext('4 DAYS'), '7d_b' => gettext('7 DAYS'), '28d_b' => gettext('28 DAYS'));
 		foreach ($interfaces3 as $iface3 => $ifacename3): ?>
 		<option value="<?=$iface3;?>"
-		<?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
+		<?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?> />
 			<?=htmlspecialchars($ifacename3);?></option>
 			<?php endforeach; ?>
 	</select>&nbsp;
@@ -336,21 +383,29 @@ if ($input_errors)
 </tr>
 <tr>
 	<td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts After Deinstall"); ?></td>
-	<td width="78%" class="vtable"><input name="clearblocks" id="clearblocks" type="checkbox" value="yes"
-	<?php if ($config['installedpackages']['snortglobal']['clearblocks']=="on") echo " checked"; ?>/>&nbsp;
+	<td width="78%" class="vtable"><input name="clearblocks" id="clearblocks" type="checkbox" value="yes" 
+	<?php if ($pconfig['clearblocks']=="on") echo " checked"; ?> />&nbsp;
 	<?php echo gettext("All blocked hosts added by Snort will be removed during package deinstallation."); ?></td>
 </tr>
 <tr>
 	<td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Snort Settings After Deinstall"); ?></td>
 	<td width="78%" class="vtable"><input name="forcekeepsettings"
-		id="forcekeepsettings" type="checkbox" value="yes"
-		<?php if ($pconfig['forcekeepsettings']=="on") echo "checked"; ?>
-		>&nbsp;&nbsp;<?php echo gettext("Settings will not be removed during package deinstallation."); ?></td>
+		id="forcekeepsettings" type="checkbox" value="yes" 
+		<?php if ($pconfig['forcekeepsettings']=="on") echo "checked"; ?> />
+		&nbsp;&nbsp;<?php echo gettext("Settings will not be removed during package deinstallation."); ?></td>
+</tr>
+<tr>
+	<td width="22%" valign="top" class="vncell"><?php echo gettext("Startup/Shutdown Logging"); ?></td>
+	<td width="78%" class="vtable"><input name="verbose_logging"
+		id="verbose_logging" type="checkbox" value="yes" 
+		<?php if ($pconfig['verbose_logging']=="on") echo "checked"; ?> />
+		&nbsp;&nbsp;<?php echo gettext("Output detailed messages to the system log when Snort is starting and stopping.  Default is ") . 
+		"<strong>" . gettext("Not Checked") . "</strong>" . gettext("."); ?></td>
 </tr>
 <tr>
 	<td width="22%" valign="top">
 	<td width="78%">
-		<input name="save" type="submit" class="formbtn" value="Save" >
+		<input name="save" type="submit" class="formbtn" value="Save" />
 	</td>
 </tr>
 <tr>
@@ -403,11 +458,20 @@ function enable_change_rules_upd() {
 		document.iform.rule_update_starttime.disabled="";		
 }
 
+function enable_openappid_dnload() {
+	var endis = document.iform.openappid_detectors.checked;
+	if (endis)
+		document.getElementById("openappid_rows").style.display = "";
+	else
+		document.getElementById("openappid_rows").style.display = "none";
+}
+
 // Initialize the form controls state based on saved settings
 enable_snort_vrt();
 enable_et_rules();
 enable_etpro_rules();
 enable_change_rules_upd();
+enable_openappid_dnload();
 
 //-->
 </script>
diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php
index 8311ea1c..20d486c6 100644
--- a/config/snort/snort_ip_list_mgmt.php
+++ b/config/snort/snort_ip_list_mgmt.php
@@ -152,6 +152,7 @@ if ($savemsg)
 <input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
 <input type="hidden" name="iplist_fname" id="iplist_fname" value=""/>
 <table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tbody>
 <tr><td>
 <?php
         $tab_array = array();
@@ -170,21 +171,19 @@ if ($savemsg)
 ?>
 </td>
 </tr>
-<tbody id="uploader" style="display: none;" class="tabcont">
-	<tr>
-		<td colspan="4" class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD.  Click CLOSE to quit."); ?></td>
-	</tr>
-	<tr>
-		<td colspan="4" class="list"><input type="file" name="iprep_fileup" id="iprep_fileup" class="formfld file" size="50" />
-			&nbsp;&nbsp;<input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>" 
-			title="<?=gettext("Upload selected IP list to firewall");?>"/>&nbsp;&nbsp;<input type="button" 
-			value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td>
-		<td class="list"></td>
-	</tr>
-</tbody>
 <tr>
 	<td>
 	<div id="mainarea">
+
+	<?php if ($g['platform'] == "nanobsd") : ?>
+		<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+			<tbody>
+			<tr>
+				<td colspan="2" class="listtopic"><?php echo gettext("IP Reputation is not supported on NanoBSD installs"); ?></td>
+			</tr>
+			</tbody>
+		</table>
+	<?php else: ?>
 		<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
 			<colgroup>
 				<col style="width: 50%;">
@@ -223,6 +222,18 @@ if ($savemsg)
 				height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td>
 			</tr>
 		<?php endforeach; ?>
+			<tbody id="uploader" style="display: none;">
+				<tr>
+					<td colspan="4" class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD.  Click CLOSE to quit."); ?></td>
+				</tr>
+				<tr>
+					<td colspan="4" class="list"><input type="file" name="iprep_fileup" id="iprep_fileup" class="formfld file" size="50" />
+					&nbsp;&nbsp;<input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>" 
+					title="<?=gettext("Upload selected IP list to firewall");?>"/>&nbsp;&nbsp;<input type="button" 
+					value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td>
+					<td colspan="4" class="list"></td>
+				</tr>
+			</tbody>
 			<tbody id="iplist_editor" style="<?=$iplist_edit_style;?>">
 			<tr>
 				<td colspan="4">&nbsp;</td>
@@ -267,9 +278,11 @@ if ($savemsg)
 				<td class="list"></td>
 			</tr>
 		</table>
+	<?php endif; ?>
 	</div>
 	</td>
 </tr>
+</tbody>
 </table>
 </form>
 <?php include("fend.inc"); ?>
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php
index 891f3773..4c3065a0 100644
--- a/config/snort/snort_ip_reputation.php
+++ b/config/snort/snort_ip_reputation.php
@@ -204,6 +204,7 @@ if ($savemsg)
 <?php endif; ?>
 
 <table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tbody>
 	<tr>
 		<td>
 		<?php
@@ -239,6 +240,12 @@ if ($savemsg)
 	<tr>
 		<td><div id="mainarea">
 			<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+				<tbody>
+			<?php if ($g['platform'] == "nanobsd") : ?>
+				<tr>
+					<td colspan="2" class="listtopic"><?php echo gettext("IP Reputation is not supported on NanoBSD installs"); ?></td>
+				</tr>
+			<?php else: ?>
 				<tr>
 					<td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Reputation Preprocessor Configuration"); ?></td>
 				</tr>
@@ -368,9 +375,9 @@ if ($savemsg)
 					<td width="22%" valign='top' class='vncell'><?php echo gettext("Whitelist Files"); ?>
 					</td>
 					<td width="78%" class="vtable">
-						<table width="95%" border="0" cellpadding="2" cellspacing="0">
 					<!-- wlist_chooser -->
 					<div id="wlistChooser" name="wlistChooser" style="display:none; border:1px dashed gray; width:98%;"></div>
+						<table width="95%" border="0" cellpadding="2" cellspacing="0">
 							<colgroup>
 								<col style="text-align:left;">
 								<col style="width: 30%; text-align:left;">
@@ -411,12 +418,16 @@ if ($savemsg)
 						</table>
 					</td>
 				</tr>
+			<?php endif; ?>
+				</tbody>
 			</table>
 		</div>
 		</td>
 	</tr>
+	</tbody>
 </table>
 
+<?php if ($g['platform'] != "nanobsd") : ?>
 <script type="text/javascript">
 Event.observe(
 	window, "load",
@@ -504,6 +515,7 @@ function wlistComplete(req) {
 }
 
 </script>
+<?php endif; ?>
 
 </form>
 <?php include("fend.inc"); ?>
diff --git a/config/snort/snort_log_mgmt.php b/config/snort/snort_log_mgmt.php
index 0e38afc2..33d94a04 100644
--- a/config/snort/snort_log_mgmt.php
+++ b/config/snort/snort_log_mgmt.php
@@ -57,6 +57,8 @@ $pconfig['sid_changes_log_limit_size'] = $config['installedpackages']['snortglob
 $pconfig['sid_changes_log_retention'] = $config['installedpackages']['snortglobal']['sid_changes_log_retention'];
 $pconfig['event_pkts_log_limit_size'] = '0';
 $pconfig['event_pkts_log_retention'] = $config['installedpackages']['snortglobal']['event_pkts_log_retention'];
+$pconfig['appid_stats_log_limit_size'] = $config['installedpackages']['snortglobal']['appid_stats_log_limit_size'];
+$pconfig['appid_stats_log_retention'] = $config['installedpackages']['snortglobal']['appid_stats_log_retention'];
 
 // Load up some arrays with selection values (we use these later).
 // The keys in the $retentions array are the retention period
@@ -86,6 +88,8 @@ if (!isset($pconfig['sid_changes_log_retention']))
 	$pconfig['sid_changes_log_retention'] = "336";
 if (!isset($pconfig['event_pkts_log_retention']))
 	$pconfig['event_pkts_log_retention'] = "336";
+if (!isset($pconfig['appid_stats_log_retention']))
+	$pconfig['appid_stats_log_retention'] = "168";
 
 // Set default log file size limits
 if (!isset($pconfig['alert_log_limit_size']))
@@ -94,6 +98,8 @@ if (!isset($pconfig['stats_log_limit_size']))
 	$pconfig['stats_log_limit_size'] = "500";
 if (!isset($pconfig['sid_changes_log_limit_size']))
 	$pconfig['sid_changes_log_limit_size'] = "250";
+if (!isset($pconfig['appid_stats_log_limit_size']))
+	$pconfig['appid_stats_log_limit_size'] = "1000";
 
 if ($_POST['ResetAll']) {
 
@@ -102,11 +108,13 @@ if ($_POST['ResetAll']) {
 	$pconfig['stats_log_retention'] = "168";
 	$pconfig['sid_changes_log_retention'] = "336";
 	$pconfig['event_pkts_log_retention'] = "336";
+	$pconfig['appid_stats_log_retention'] = "168";
 
 	$pconfig['alert_log_limit_size'] = "500";
 	$pconfig['stats_log_limit_size'] = "500";
 	$pconfig['sid_changes_log_limit_size'] = "250";
 	$pconfig['event_pkts_log_limit_size'] = "0";
+	$pconfig['appid_stats_log_limit_size'] = "1000";
 
 	/* Log a message at the top of the page to inform the user */
 	$savemsg = gettext("All log management settings on this page have been reset to their defaults.  Click APPLY if you wish to keep these new settings.");
@@ -148,6 +156,8 @@ if ($_POST["save"] || $_POST['apply']) {
 		$config['installedpackages']['snortglobal']['sid_changes_log_retention'] = $_POST['sid_changes_log_retention'];
 		$config['installedpackages']['snortglobal']['event_pkts_log_limit_size'] = $_POST['event_pkts_log_limit_size'];
 		$config['installedpackages']['snortglobal']['event_pkts_log_retention'] = $_POST['event_pkts_log_retention'];
+		$config['installedpackages']['snortglobal']['appid_stats_log_limit_size'] = $_POST['appid_stats_log_limit_size'];
+		$config['installedpackages']['snortglobal']['appid_stats_log_retention'] = $_POST['appid_stats_log_retention'];
 
 		write_config("Snort pkg: saved updated configuration for LOGS MGMT.");
 		conf_mount_rw();
@@ -307,7 +317,26 @@ if ($savemsg) {
 					</td>
 					<td class="listbg"><?=gettext("Snort alerts and event details");?></td>
 				</tr>
-
+				<tr>
+					<td class="listbg">appid-stats</td>
+					<td class="listr" align="center"><select name="appid_stats_log_limit_size" class="formselect" id="appid_stats_log_limit_size">
+						<?php foreach ($log_sizes as $k => $l): ?>
+							<option value="<?=$k;?>"
+							<?php if ($k == $pconfig['appid_stats_log_limit_size']) echo " selected"; ?>>
+								<?=htmlspecialchars($l);?></option>
+						<?php endforeach; ?>
+						</select>
+					</td>
+					<td class="listr" align="center"><select name="appid_stats_log_retention" class="formselect" id="appid_stats_log_retention">
+						<?php foreach ($retentions as $k => $p): ?>
+							<option value="<?=$k;?>"
+							<?php if ($k == $pconfig['appid_stats_log_retention']) echo " selected"; ?>>
+								<?=htmlspecialchars($p);?></option>
+						<?php endforeach; ?>
+						</select>
+					</td>
+					<td class="listbg"><?=gettext("Application ID statistics");?></td>
+				</tr>
 				<tr>
 					<td class="listbg">event pcaps</td>
 					<td class="listr" align="center"><select name="event_pkts_log_limit_size" class="formselect" id="event_pkts_log_limit_size">
@@ -324,7 +353,6 @@ if ($savemsg) {
 					</td>
 					<td class="listbg"><?=gettext("Snort alert related packet captures");?></td>
 				</tr>
-
 				<tr>
 					<td class="listbg">sid_changes</td>
 					<td class="listr" align="center"><select name="sid_changes_log_limit_size" class="formselect" id="sid_changes_log_limit_size">
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index a722d52b..12ae5d19 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -73,27 +73,52 @@ if (empty($config['installedpackages']['snortglobal']['snort_config_ver']) &&
 /**********************************************************/
 /* Create new Auto SID Mgmt settings if not set           */
 /**********************************************************/
-	if (empty($config['installedpackages']['snortglobal']['auto_manage_sids'])) {
-		$config['installedpackages']['snortglobal']['auto_manage_sids'] = "off";
-		$updated_cfg = true;
-	}
+if (empty($config['installedpackages']['snortglobal']['auto_manage_sids'])) {
+	$config['installedpackages']['snortglobal']['auto_manage_sids'] = "off";
+	$updated_cfg = true;
+}
 
 /**********************************************************/
 /* Create new LOG MGMT settings if not set                */
 /**********************************************************/
-	if (empty($config['installedpackages']['snortglobal']['enable_log_mgmt'])) {
-		$config['installedpackages']['snortglobal']['enable_log_mgmt'] = "on";
-		$config['installedpackages']['snortglobal']['alert_log_limit_size'] = "500";
-		$config['installedpackages']['snortglobal']['alert_log_retention'] = "336";
-		$config['installedpackages']['snortglobal']['event_pkts_log_limit_size'] = "0";
-		$config['installedpackages']['snortglobal']['event_pkts_log_retention'] = "336";
-		$config['installedpackages']['snortglobal']['sid_changes_log_limit_size'] = "250";
-		$config['installedpackages']['snortglobal']['sid_changes_log_retention'] = "336";
-		$config['installedpackages']['snortglobal']['stats_log_limit_size'] = "500";
-		$config['installedpackages']['snortglobal']['stats_log_retention'] = "168";
-		$updated_cfg = true;
+if (empty($config['installedpackages']['snortglobal']['enable_log_mgmt'])) {
+	$config['installedpackages']['snortglobal']['enable_log_mgmt'] = "on";
+	$config['installedpackages']['snortglobal']['alert_log_limit_size'] = "500";
+	$config['installedpackages']['snortglobal']['alert_log_retention'] = "336";
+	$config['installedpackages']['snortglobal']['appid_stats_log_limit_size'] = "1000";
+	$config['installedpackages']['snortglobal']['appid_stats_log_retention'] = "168";
+	$config['installedpackages']['snortglobal']['event_pkts_log_limit_size'] = "0";
+	$config['installedpackages']['snortglobal']['event_pkts_log_retention'] = "336";
+	$config['installedpackages']['snortglobal']['sid_changes_log_limit_size'] = "250";
+	$config['installedpackages']['snortglobal']['sid_changes_log_retention'] = "336";
+	$config['installedpackages']['snortglobal']['stats_log_limit_size'] = "500";
+	$config['installedpackages']['snortglobal']['stats_log_retention'] = "168";
+	$updated_cfg = true;
+}
+if (empty($config['installedpackages']['snortglobal']['appid_stats_log_limit_size']))
+	$config['installedpackages']['snortglobal']['appid_stats_log_limit_size'] = "1000";
+if (empty($config['installedpackages']['snortglobal']['appid_stats_log_retention']))
+	$config['installedpackages']['snortglobal']['appid_stats_log_retention'] = "168";
+
+/**********************************************************/
+/* Create new VERBOSE_LOGGING setting if not set          */
+/**********************************************************/
+if (empty($config['installedpackages']['snortglobal']['verbose_logging'])) {
+	$config['installedpackages']['snortglobal']['verbose_logging'] = "off";
+	$updated_cfg = true;
 }
 
+/**********************************************************/
+/* Create new OpenAppID settings if not set               */
+/**********************************************************/
+if (empty($config['installedpackages']['snortglobal']['openappid_detectors'])) {
+	$config['installedpackages']['snortglobal']['openappid_detectors'] = "off";
+	$updated_cfg = true;
+}
+
+/**********************************************************/
+/* Migrate per interface settings if required.            */
+/**********************************************************/
 foreach ($rule as &$r) {
 	// Initialize arrays for supported preprocessors if necessary
 	if (!is_array($r['frag3_engine']['item']))
@@ -482,6 +507,24 @@ foreach ($rule as &$r) {
 		$updated_cfg = true;
 	}
 
+	// Default any unconfigured AppID preprocessor settings
+	if (empty($pconfig['appid_preproc'])) {
+		$pconfig['appid_preproc'] = 'off';
+		$updated_cfg = true;
+	}
+	if (empty($pconfig['sf_appid_mem_cap'])) {
+		$pconfig['sf_appid_mem_cap'] = '256';
+		$updated_cfg = true;
+	}
+	if (empty($pconfig['sf_appid_statslog'])) {
+		$pconfig['sf_appid_statslog'] = 'on';
+		$updated_cfg = true;
+	}
+	if (empty($pconfig['sf_appid_stats_period'])) {
+		$pconfig['sf_appid_stats_period'] = '300';
+		$updated_cfg = true;
+	}
+
 	// Save the new configuration data into the $config array pointer
 	$r = $pconfig;
 }
@@ -490,8 +533,7 @@ unset($r);
 
 // Log a message if we changed anything
 if ($updated_cfg) {
-	$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.5";
-	log_error("[Snort] Saving configuration settings in new format...");
+	$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2";
 	log_error("[Snort] Settings successfully migrated to new configuration format...");
 }
 else
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 5009a8b3..57e92ce5 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -41,35 +41,12 @@
 require_once("config.inc");
 require_once("functions.inc");
 require_once("/usr/local/pkg/snort/snort.inc");
+require("/usr/local/pkg/snort/snort_defs.inc");
 
 global $config, $g, $rebuild_rules, $pkg_interface, $snort_gui_include;
 
-/****************************************
- * Define any new constants here that   *
- * may not be yet defined in the old    *
- * "snort.inc" include file that might  *
- * be cached and used by the package    *
- * manager installation code.           *
- *                                      *
- * This is a hack to work around the    *
- * fact the old version of suricata.inc *
- * is cached and used instead of the    *
- * updated version icluded with the     *
- * updated GUI package.                 *
- ****************************************/
-if (!defined('SNORT_SID_MODS_PATH'))
-	define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");
-
-if (!defined('SNORT_ENFORCING_RULES_FILENAME'))
-	define("SNORT_ENFORCING_RULES_FILENAME", "snort.rules");
-
-/****************************************
- * End of PHP caching workaround        *
- ****************************************/
-
 $snortdir = SNORTDIR;
 $snortlogdir = SNORTLOGDIR;
-$snortlibdir = SNORTLIBDIR;
 $rcdir = RCFILEPREFIX;
 $flowbit_rules_file = FLOWBITS_FILENAME;
 $snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME;
@@ -101,6 +78,7 @@ conf_mount_rw();
 @rename("{$snortdir}/threshold.conf-sample", "{$snortdir}/threshold.conf");
 @rename("{$snortdir}/sid-msg.map-sample", "{$snortdir}/sid-msg.map");
 @rename("{$snortdir}/unicode.map-sample", "{$snortdir}/unicode.map");
+@rename("{$snortdir}/file_magic.conf-sample", "{$snortdir}/file_magic.conf");
 @rename("{$snortdir}/classification.config-sample", "{$snortdir}/classification.config");
 @rename("{$snortdir}/generators-sample", "{$snortdir}/generators");
 @rename("{$snortdir}/reference.config-sample", "{$snortdir}/reference.config");
@@ -123,6 +101,7 @@ unlink_if_exists("{$rcdir}barnyard2");
 safe_mkdir(SNORTLOGDIR);
 safe_mkdir(SNORT_IPREP_PATH);
 safe_mkdir(SNORT_SID_MODS_PATH);
+safe_mkdir(SNORT_APPID_ODP_PATH);
 
 /* If installed, absorb the Snort Dashboard Widget into this package */
 /* by removing it as a separately installed package.                 */
@@ -263,8 +242,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
 	$config['widgets']['sequence'] .= ",{$snort_widget_container}";
 
 /* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.5";
-write_config("Snort pkg v3.1.5: post-install configuration saved.");
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2";
+write_config("Snort pkg v3.2: post-install configuration saved.");
 
 /* Done with post-install, so clear flag */
 unset($g['snort_postinstall']);
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 75e4902d..9f6879ef 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -341,6 +341,10 @@ if ($_POST['ResetAll']) {
 	$pconfig['smtp_log_rcpt_to'] = 'on';
 	$pconfig['smtp_log_filename'] = 'on';
 	$pconfig['smtp_log_email_hdrs'] = 'on';
+	$pconfig['appid_preproc'] = "off";
+	$pconfig['sf_appid_mem_cap'] = "256";
+	$pconfig['sf_appid_statslog'] = "on";
+	$pconfig['sf_appid_stats_period'] = "300";
 	$pconfig['sf_portscan'] = "off";
 	$pconfig['pscan_protocol'] = "all";
 	$pconfig['pscan_type'] = "all";
@@ -439,6 +443,14 @@ if ($_POST['save']) {
 			$input_errors[] = gettext("The value for SMTP Decoder E-Mail Headers Log Depth must be between 0 and 20,480.");
 	}
 
+	// Validate AppID parameter values if AppID Detector is enabled
+	if ($_POST['appid_preproc'] == 'on') {
+		if ($_POST['sf_appid_mem_cap'] < 32 || $_POST['sf_appid_mem_cap'] > 3000)
+			$input_errors[] = gettext("The value for Application ID Memory Cap must be between 32 and 3000.");
+		if ($_POST['sf_appid_stats_period'] < 60 || $_POST['sf_appid_stats_period'] > 3600)
+			$input_errors[] = gettext("The value for Application ID Stats Period must be between 60 and 3600.");
+	}
+
 	/* if no errors write to conf */
 	if (!$input_errors) {
 		/* post new options */
@@ -481,6 +493,8 @@ if ($_POST['save']) {
 		if ($_POST['smtp_bitenc_decode_depth'] != "") { $natent['smtp_bitenc_decode_depth'] = $_POST['smtp_bitenc_decode_depth']; }else{ $natent['smtp_bitenc_decode_depth'] = "0"; }
 		if ($_POST['smtp_uu_decode_depth'] != "") { $natent['smtp_uu_decode_depth'] = $_POST['smtp_uu_decode_depth']; }else{ $natent['smtp_uu_decode_depth'] = "0"; }
 		if ($_POST['smtp_email_hdrs_log_depth'] != "") { $natent['smtp_email_hdrs_log_depth'] = $_POST['smtp_email_hdrs_log_depth']; }else{ $natent['smtp_email_hdrs_log_depth'] = "1464"; }
+		if ($_POST['sf_appid_mem_cap'] != "") { $natent['sf_appid_mem_cap'] = $_POST['sf_appid_mem_cap']; }else{ $natent['sf_appid_mem_cap'] = "256"; }
+		if ($_POST['sf_appid_stats_period'] != "") { $natent['sf_appid_stats_period'] = $_POST['sf_appid_stats_period']; }else{ $natent['sf_appid_stats_period'] = "300"; }
 
 		// Set SDF inspection types
 		$natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']);
@@ -525,6 +539,8 @@ if ($_POST['save']) {
 		$natent['stream5_track_tcp'] = $_POST['stream5_track_tcp'] ? 'on' : 'off';
 		$natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
 		$natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
+		$natent['appid_preproc'] = $_POST['appid_preproc'] ? 'on' : 'off';
+		$natent['sf_appid_statslog'] = $_POST['sf_appid_statslog'] ? 'on' : 'off';
 
 		if (isset($id) && isset($a_nat[$id])) {
 			$a_nat[$id] = $natent;
@@ -685,14 +701,14 @@ if ($savemsg) {
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Performance Stats"); ?></td>
 		<td width="78%" class="vtable"><input name="perform_stat" type="checkbox" value="on" 
-			<?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>/>
 			<?php echo gettext("Collect Performance Statistics for this interface."); ?></td>
 	</tr>
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Protect Customized Preprocessor Rules"); ?></td>
 		<td width="78%" class="vtable"><input name="protect_preproc_rules" type="checkbox" value="on" 
 			<?php if ($pconfig['protect_preproc_rules']=="on") echo "checked "; 
-			if ($vrt_enabled <> 'on') echo "disabled"; ?>>
+			if ($vrt_enabled <> 'on') echo "disabled"; ?>/>
 			<?php echo gettext("Check this box if you maintain customized preprocessor text rules files for this interface."); ?>
 			<table width="100%" border="0" cellpadding="2" cellpadding="2">
 				<tr>
@@ -709,7 +725,7 @@ if ($savemsg) {
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Auto Rule Disable"); ?></td>
 		<td width="78%" class="vtable"><input name="preproc_auto_rule_disable" type="checkbox" value="on" 
-			<?php if ($pconfig['preproc_auto_rule_disable']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['preproc_auto_rule_disable']=="on") echo "checked"; ?>/>
 			<?php echo gettext("Auto-disable text rules dependent on disabled preprocessors for this interface.  "); 
 			echo gettext("Default is ") . '<strong>' . gettext("Not Checked"); ?></strong>.<br/>
 			<table width="100%" border="0" cellpadding="2" cellpadding="2">
@@ -739,7 +755,7 @@ if ($savemsg) {
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
 		<td width="78%" class="vtable"><input name="host_attribute_table"
 			type="checkbox" value="on" id="host_attribute_table" onclick="host_attribute_table_enable_change();" 
-			<?php if ($pconfig['host_attribute_table']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['host_attribute_table']=="on") echo "checked"; ?>/>
 			<?php echo gettext("Use a Host Attribute Table file to auto-configure applicable preprocessors.  " .
 				"Default is "); ?><strong><?php echo gettext("Not Checked"); ?></strong>.</td>
 	</tr>
@@ -823,7 +839,7 @@ if ($savemsg) {
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
 		<td width="78%" class="vtable"><input name="http_inspect" 
 			type="checkbox" value="on" id="http_inspect" onclick="http_inspect_enable_change();" 
-			<?php if ($pconfig['http_inspect']=="on" || empty($pconfig['http_inspect'])) echo "checked";?>>
+			<?php if ($pconfig['http_inspect']=="on" || empty($pconfig['http_inspect'])) echo "checked";?>/>
 			<?php echo gettext("Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies.  Default is ");?>
 			<strong><?php echo gettext("Checked"); ?></strong>.</td>
 	</tr>
@@ -831,7 +847,7 @@ if ($savemsg) {
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Proxy Alert"); ?></td>
 		<td width="78%" class="vtable"><input name="http_inspect_proxy_alert" 
 			type="checkbox" value="on" id="http_inspect_proxy_alert"  
-			<?php if ($pconfig['http_inspect_proxy_alert']=="on") echo "checked";?>>
+			<?php if ($pconfig['http_inspect_proxy_alert']=="on") echo "checked";?>/>
 			<?php echo gettext("Enable global alerting on HTTP server proxy usage.  Default is ");?>
 			<strong><?php echo gettext("Not Checked"); ?></strong>.<br/><br/><span class="red"><strong>
 			<?php echo gettext("Note: ") . "</strong></span>" . gettext("By adding Server Configurations below and enabling " . 
@@ -916,7 +932,7 @@ if ($savemsg) {
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable");?></td>
 		<td width="78%" class="vtable"><input name="frag3_detection" type="checkbox" value="on" onclick="frag3_enable_change();" 
-		<?php if ($pconfig['frag3_detection']=="on") echo "checked";?>>
+		<?php if ($pconfig['frag3_detection']=="on") echo "checked";?>/>
 		<?php echo gettext("Use Frag3 Engine to detect IDS evasion attempts via target-based IP packet fragmentation.  Default is ") . 
 		"<strong>" . gettext("Checked") . "</strong>.";?></td>
 	</tr>
@@ -984,14 +1000,14 @@ if ($savemsg) {
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
 		<td width="78%" class="vtable"><input name="stream5_reassembly" type="checkbox" value="on" onclick="stream5_enable_change();"  
-			<?php if ($pconfig['stream5_reassembly']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['stream5_reassembly']=="on") echo "checked"; ?>/>
 		<?php echo gettext("Use Stream5 session reassembly for TCP, UDP and/or ICMP traffic.  Default is ") . 
 		"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
 	</tr>
 	<tr id="stream5_flushonalert_row">
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Flush On Alert"); ?></td>
 		<td width="78%" class="vtable"><input name="stream5_flush_on_alert" type="checkbox" value="on"   
-			<?php if ($pconfig['stream5_flush_on_alert']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['stream5_flush_on_alert']=="on") echo "checked"; ?>/>
 		<?php echo gettext("Flush a TCP stream when an alert is generated on that stream.  Default is ") . 
 		"<strong>" . gettext("Not Checked") . "</strong><br/><span class=\"red\"><strong>" . 
 		gettext("Note:  ") . "</strong></span>" . gettext("This parameter is for backwards compatibility.");?></td>
@@ -1135,6 +1151,53 @@ if ($savemsg) {
 			</table>
 		</td>
 	</tr>
+
+	<tr>
+		<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Application ID Detection"); ?></td>
+	</tr>
+	<tr>
+		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
+		<td width="78%" class="vtable"><input name="appid_preproc" onclick="appid_preproc_enable_change();" 
+			type="checkbox" value="on" id="appid_preproc"  
+			<?php if ($pconfig['appid_preproc']=="on") echo "checked"; ?>/>
+		<?php echo gettext("Use OpenAppID to detect various applications.  Default is ") . 
+		"<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td>
+	</tr>
+	<tbody id="appid_rows">
+	<tr>
+		<td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td>
+		<td class="vtable">
+			<input name="sf_appid_mem_cap" type="text" class="formfld unknown" id="sf_appid_mem_cap" size="9" 
+			value="<?=htmlspecialchars($pconfig['sf_appid_mem_cap']);?>">
+			<?php echo gettext("Memory for App ID structures.  Min is ") . "<strong>" . gettext("32") . "</strong>" .
+			gettext(" (32 MB) and Max is ") . "<strong>" . gettext("3000") . "</strong>" .
+			gettext(" (3 GB) bytes.");?><br/>
+			<?php echo gettext("The memory cap in megabytes used by AppID internal structures " .
+			"in RAM. Default value is ") . "<strong>" . gettext("256") . "</strong>" . gettext(" (256 MB)."); ?><br/>
+		</td>
+	</tr>
+	<tr>
+		<td width="22%" valign="top" class="vncell"><?php echo gettext("AppID Stats Logging"); ?></td>
+		<td width="78%" class="vtable">
+			<input name="sf_appid_statslog" type="checkbox" value="on" id="sf_appid_statslog" 
+			<?php if ($pconfig['sf_appid_statslog']=="on") echo "checked"; ?>/>
+		<?php echo gettext("Enable OpenAppID statistics logging.  Default is ") . 
+		"<strong>" . gettext("Checked") . "</strong>" . gettext("."); ?><br/><br/>
+		<span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("log size and retention limits for AppID Stats Logging") . 
+		gettext(" can be set on the ") . "<a href='/snort/snort_log_mgmt.php'>" . gettext("LOG MGMT") . "</a>" . gettext(" tab.");?> </td>
+	</tr>
+	<tr>
+		<td valign="top" class="vncell"><?php echo gettext("AppID Stats Period"); ?></td>
+		<td class="vtable">
+			<input name="sf_appid_stats_period" type="text" class="formfld unknown" id="sf_appid_stats_period" size="9" 
+			value="<?=htmlspecialchars($pconfig['sf_appid_stats_period']);?>">
+			<?php echo gettext("Bucket size in seconds for AppID stats.  Min is ") . "<strong>" . gettext("60") . "</strong>" .
+			gettext(" (1 minute) and Max is ") . "<strong>" . gettext("3600") . "</strong>" . gettext(" (1 hour).");?><br/>
+			<?php echo gettext("The bucket size in seconds used to collecxt AppID statistics. " .
+			"Default value is ") . "<strong>" . gettext("300") . "</strong>" . gettext(" (5 minutes)."); ?><br/>
+		</td>
+	</tr>
+	</tbody>
 	<tr>
 		<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Portscan Detection"); ?></td>
 	</tr>
@@ -1142,7 +1205,7 @@ if ($savemsg) {
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
 		<td width="78%" class="vtable"><input name="sf_portscan" onclick="sf_portscan_enable_change();" 
 			type="checkbox" value="on" id="sf_portscan"   
-			<?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>/>
 		<?php echo gettext("Use Portscan Detection to detect various types of port scans and sweeps.  Default is ") . 
 		"<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td>
 	</tr>
@@ -1287,14 +1350,14 @@ if ($savemsg) {
 	<tr id="ftp_telnet_row_encrypted_check">
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Check Encrypted Traffic"); ?></td>
 		<td width="78%" class="vtable"><input name="ftp_telnet_check_encrypted" type="checkbox" value="on" 
-			<?php if ($pconfig['ftp_telnet_check_encrypted']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['ftp_telnet_check_encrypted']=="on") echo "checked"; ?>/>
 		<?php echo gettext("Continue to check an encrypted session for subsequent command to cease encryption.  Default is ") . 
 		"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
 	</tr>
 	<tr id="ftp_telnet_row_encrypted_alert">
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Alert on Encrypted Commands"); ?></td>
 		<td width="78%" class="vtable"><input name="ftp_telnet_alert_encrypted" type="checkbox" value="on" 
-			<?php if ($pconfig['ftp_telnet_alert_encrypted']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['ftp_telnet_alert_encrypted']=="on") echo "checked"; ?>/>
 		<?php echo gettext("Alert on encrypted FTP and Telnet command channels.  Default is ") . 
 		"<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td>
 	</tr>
@@ -1304,14 +1367,14 @@ if ($savemsg) {
 	<tr id="ftp_telnet_row_normalize">
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Normalization"); ?></td>
 		<td width="78%" class="vtable"><input name="ftp_telnet_normalize" type="checkbox" value="on" 
-			<?php if ($pconfig['ftp_telnet_normalize']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['ftp_telnet_normalize']=="on") echo "checked"; ?>/>
 		<?php echo gettext("Normalize Telnet traffic by eliminating Telnet escape sequences.  Default is ") . 
 		"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
 	</tr>
 	<tr id="ftp_telnet_row_detect_anomalies">
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Detect Anomalies"); ?></td>
 		<td width="78%" class="vtable"><input name="ftp_telnet_detect_anomalies" type="checkbox" value="on" 
-			<?php if ($pconfig['ftp_telnet_detect_anomalies']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['ftp_telnet_detect_anomalies']=="on") echo "checked"; ?>/>
 		<?php echo gettext("Alert on Telnet subnegotiation begin without corresponding subnegotiation end.  Default is ") . 
 		"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
 	</tr>
@@ -1423,7 +1486,7 @@ if ($savemsg) {
 				 echo "checked";
 			      elseif ($vrt_enabled == "off")
 				 echo "disabled";
-			?>>
+			?>/>
 			<?php echo gettext("Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data."); ?>
 		<br/>
 		<span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the ") . 
@@ -1458,7 +1521,7 @@ if ($savemsg) {
 			<input name="sdf_mask_output" type="checkbox" value="on" 
 			<?php if ($pconfig['sdf_mask_output'] == "on")
 				 echo "checked";
-			?>>
+			?>/>
 			<?php echo gettext("Replace all but last 4 digits of PII with \"X\"s on credit card and Social Security Numbers. ") . 
 			gettext("Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?>
 		</td>
@@ -1756,40 +1819,40 @@ if ($savemsg) {
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable RPC Decode and Back Orifice detector"); ?></td>
 		<td width="78%" class="vtable"><input name="other_preprocs" type="checkbox" value="on" 
-			<?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>/>
 		<?php echo gettext("Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.  Default is ") . 
 		"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
 	</tr>
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable DCE/RPC2 Detection"); ?></td>
 		<td width="78%" class="vtable"><input name="dce_rpc_2" type="checkbox" value="on" 
-			<?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>/>
 		<?php echo gettext("The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic.  Default is ") . 
 		"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
 	</tr>
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable SIP Detection"); ?></td>
 		<td width="78%" class="vtable"><input name="sip_preproc" type="checkbox" value="on" 
-			<?php if ($pconfig['sip_preproc']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['sip_preproc']=="on") echo "checked"; ?>/>
 		<?php echo gettext("The SIP preprocessor decodes SIP traffic and detects vulnerabilities.  Default is ") . 
 		"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
 	</tr>
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable GTP Detection"); ?></td>
 		<td width="78%" class="vtable"><input name="gtp_preproc" type="checkbox" value="on" 
-			<?php if ($pconfig['gtp_preproc']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['gtp_preproc']=="on") echo "checked"; ?>/>
 		<?php echo gettext("The GTP preprocessor decodes GPRS Tunneling Protocol traffic and detects intrusion attempts."); ?></td>
 	</tr>
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable SSH Detection"); ?></td>
 		<td width="78%" class="vtable"><input name="ssh_preproc" type="checkbox" value="on" 
-			<?php if ($pconfig['ssh_preproc']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['ssh_preproc']=="on") echo "checked"; ?>/>
 		<?php echo gettext("The SSH preprocessor detects various Secure Shell exploit attempts."); ?></td>
 	</tr>
 	<tr>
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable DNS Detection"); ?></td>
 		<td width="78%" class="vtable"><input name="dns_preprocessor" type="checkbox" value="on" 
-			<?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>/>
 		<?php echo gettext("The DNS preprocessor decodes DNS response traffic and detects vulnerabilities.  Default is ") . 
 		"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
 	</tr>
@@ -1797,7 +1860,7 @@ if ($savemsg) {
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable SSL Data"); ?></td>
 		<td width="78%" class="vtable">
 			<input name="ssl_preproc" type="checkbox" value="on"  
-			<?php if ($pconfig['ssl_preproc']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['ssl_preproc']=="on") echo "checked"; ?>/>
 		<?php echo gettext("SSL data searches for irregularities during SSL protocol exchange.  Default is ") . 
 		"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>	
 	</tr>
@@ -1808,7 +1871,7 @@ if ($savemsg) {
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Modbus Detection"); ?></td>
 		<td width="78%" class="vtable">
 			<input name="modbus_preproc" type="checkbox" value="on" 
-			<?php if ($pconfig['modbus_preproc']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['modbus_preproc']=="on") echo "checked"; ?>/>
 			<?php echo gettext("Modbus is a protocol used in SCADA networks.  The default port is TCP 502.") . "<br/>" . 
 		  	"<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . 
 			gettext("If your network does not contain Modbus-enabled devices, you can leave this preprocessor disabled."); ?>
@@ -1818,7 +1881,7 @@ if ($savemsg) {
 		<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable DNP3 Detection"); ?></td>
 		<td width="78%" class="vtable">
 			<input name="dnp3_preproc" type="checkbox" value="on" 
-			<?php if ($pconfig['dnp3_preproc']=="on") echo "checked"; ?>>
+			<?php if ($pconfig['dnp3_preproc']=="on") echo "checked"; ?>/>
 			<?php echo gettext("DNP3 is a protocol used in SCADA networks.  The default port is TCP 20000.") . "<br/>" . 
 		  	"<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . 
 			gettext("If your network does not contain DNP3-enabled devices, you can leave this preprocessor disabled."); ?>
@@ -1833,7 +1896,7 @@ if ($savemsg) {
 			<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo 
 			gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" . 
 			gettext("WARNING:  This will reset ALL preprocessor settings to their defaults.  Click OK to continue or CANCEL to quit.") . 
-			"');\""; ?>></td>
+			"');\""; ?>/></td>
 	</tr>
 	<tr>
 		<td width="22%" valign="top">&nbsp;</td>
@@ -1978,12 +2041,20 @@ function http_inspect_enable_change() {
 	var endis = !(document.iform.http_inspect.checked);
 	document.iform.http_inspect_memcap.disabled=endis;
 
-	// Hide the "icmp session timeout " row if stream5_track_icmp disabled
-	if (endis) {
-		document.getElementById("httpinspect_memcap_row").style.display="none";
-		document.getElementById("httpinspect_maxgzipmem_row").style.display="none";
-		document.getElementById("httpinspect_proxyalert_row").style.display="none";
-		document.getElementById("httpinspect_engconf_row").style.display="none";
+	if (!document.iform.http_inspect.checked) {
+		var msg = "WARNING:  Disabling the http_inspect preprocessor is not recommended!\n\n";
+		msg = msg + "Snort may fail to start because of other dependent preprocessors or ";
+		msg = msg + "rule options.  Are you sure you want to disable it?\n\n";
+		msg = msg + "Click OK to disable http_inspect, or CANCEL to quit.";
+		if (!confirm(msg)) {
+			document.iform.http_inspect.checked=true;
+		}
+		else {
+			document.getElementById("httpinspect_memcap_row").style.display="none";
+			document.getElementById("httpinspect_maxgzipmem_row").style.display="none";
+			document.getElementById("httpinspect_proxyalert_row").style.display="none";
+			document.getElementById("httpinspect_engconf_row").style.display="none";
+		}
 	}
 	else {
 		document.getElementById("httpinspect_memcap_row").style.display="table-row";
@@ -2013,6 +2084,16 @@ function sf_portscan_enable_change() {
 	}
 }
 
+function appid_preproc_enable_change() {
+	var endis = !(document.iform.appid_preproc.checked);
+
+	// Hide the AppID configuration rows if appid_preproc disabled
+	if (endis)
+		document.getElementById("appid_rows").style.display="none";
+	else
+		document.getElementById("appid_rows").style.display="";
+}
+
 function stream5_enable_change() {
 	if (!document.iform.stream5_reassembly.checked) {
 		var msg = "WARNING:  Stream5 is a critical preprocessor, and disabling it is not recommended!  ";
@@ -2020,7 +2101,8 @@ function stream5_enable_change() {
 		msg = msg + "    SMTP\t\tPOP\t\tSIP\n";
 		msg = msg + "    SENSITIVE_DATA\tSF_PORTSCAN\tDCE/RPC 2\n";
 		msg = msg + "    IMAP\t\tDNS\t\tSSL\n";
-		msg = msg + "    GTP\t\tDNP3\t\tMODBUS\n\n";
+		msg = msg + "    GTP\t\tDNP3\t\tMODBUS\n";
+		msg = msg + "    APP_ID\n\n";
 		msg = msg + "Snort may fail to start because of other preprocessors or rule options dependent on Stream5.  ";
 		msg = msg + "Are you sure you want to disable it?\n\n";
 		msg = msg + "Click OK to disable Stream5, or CANCEL to quit.";
@@ -2039,6 +2121,7 @@ function stream5_enable_change() {
 			document.iform.dns_preprocessor.checked=false;
 			document.iform.modbus_preproc.checked=false;
 			document.iform.dnp3_preproc.checked=false;
+			document.iform.appid_preproc.checked=false;
 			document.iform.sf_portscan.checked=false;
 			sf_portscan_enable_change();
 		}
@@ -2147,6 +2230,7 @@ function smtp_enable_change() {
 function enable_change_all() {
 	http_inspect_enable_change();
 	sf_portscan_enable_change();
+	appid_preproc_enable_change();
 
 	// -- Enable/Disable Host Attribute Table settings --
 	host_attribute_table_enable_change();
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 681c691f..b9050b35 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -36,6 +36,7 @@ require_once("/usr/local/pkg/snort/snort.inc");
 global $g, $rebuild_rules;
 
 $snortdir = SNORTDIR;
+$snortbindir = SNORT_PBI_BINDIR;
 $rules_map = array();
 $categories = array();
 $pconfig = array();
@@ -400,7 +401,7 @@ elseif ($_POST['save']) {
 	$rebuild_rules = false;
 	$output = "";
 	$retcode = "";
-	exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode);
+	exec("{$snortbindir}snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode);
 	if (intval($retcode) != 0) {
 		$error = "";
 		$start = count($output);
@@ -412,8 +413,7 @@ elseif ($_POST['save']) {
 	else {
 		/* Soft-restart Snort to live-load new rules */
 		snort_reload_config($a_rule[$id]);
-		$savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. ");
-		$savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules.");
+		$savemsg = gettext("Custom rules validated successfully and any active Snort process on this interface has been signalled to live-load the new rules.");
 	}
 
 	clear_subsystem_dirty('snort_rules');
@@ -443,6 +443,9 @@ else if ($_POST['apply']) {
 
 	// Sync to configured CARP slaves if any are enabled
 	snort_sync_on_changes();
+
+	if (snort_is_running($snort_uuid, $if_real))
+		$savemsg = gettext("Snort is 'live-reloading' the new rule set.");
 }
 
 include_once("head.inc");
diff --git a/config/snort/snort_sid_mgmt.php b/config/snort/snort_sid_mgmt.php
index ea1a5b99..016cc96d 100644
--- a/config/snort/snort_sid_mgmt.php
+++ b/config/snort/snort_sid_mgmt.php
@@ -294,6 +294,11 @@ if ($savemsg) {
 		<div id="mainarea">
 		<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
 			<tbody>
+		<?php if ($g['platform'] == "nanobsd") : ?>
+			<tr>
+				<td colspan="2" class="listtopic"><?php echo gettext("SID auto-management is not supported on NanoBSD installs"); ?></td>
+			</tr>
+		<?php else: ?>
 			<tr>
 				<td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
 			</tr>
@@ -568,6 +573,7 @@ if ($savemsg) {
 				&nbsp;&nbsp;<?=gettext("Remember to save changes before exiting this page"); ?>
 				</td>
 			</tr>
+		<?php endif; ?>
 			</tbody>
 		</table>
 		</div>
@@ -576,8 +582,9 @@ if ($savemsg) {
 </table>
 </form>
 
-
 <?php include("fend.inc"); ?>
+
+<?php if ($g['platform'] != "nanobsd") : ?>
 <script type="text/javascript">
 
 function enable_sid_conf() {
@@ -593,5 +600,7 @@ function enable_sid_conf() {
 enable_sid_conf();
 
 </script>
+<?php endif; ?>
+
 </body>
 </html>
-- 
cgit v1.2.3


From 7873425f722a93dfd150b8addd361d839f9c9ceb Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Mon, 15 Dec 2014 11:50:58 -0500
Subject: Store OpenAppID files under SNORTDIR with other rules.

---
 config/snort/snort_defs.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc
index aa4b2dc9..43ecada6 100644
--- a/config/snort/snort_defs.inc
+++ b/config/snort/snort_defs.inc
@@ -57,7 +57,7 @@ if (!defined("SNORT_SID_MODS_PATH"))
 if (!defined("SNORT_IPREP_PATH"))
 	define("SNORT_IPREP_PATH", "{$g['vardb_path']}/snort/iprep/");
 if (!defined('SNORT_APPID_ODP_PATH'))
-	define('SNORT_APPID_ODP_PATH', "{$g['vardb_path']}/snort/app/");
+	define('SNORT_APPID_ODP_PATH', SNORTDIR . "/appid/");
 
 // Rules filenames, download URLs and prefixes.
 // Be sure to include the trailing backslash on URLs.
-- 
cgit v1.2.3