Snort rules disappeared from Suricata and i cannot download them.
-
Hi, hope y'all is having a great day!
I used Suricata with Emerging and Suricata rules,
Everything was working fine until all my snort rules simply disappeared from the Rules Categories
This problem is happening on all my interfaces and i don't know how to bring them back.
I already tried to update my Snort rules and i can confirm that my Oinkcode is correct.
-
"Snort rules have not been downloaded."
-
But, as you can see, the rules are up to date
-
-
What version of the Suricata package are you running and what is the pfSense version?
-
-
@luquinhasdainfra said in Snort rules disappeared from Suricata and i cannot download them.:
Hi, @bmeeks
Pfsense 2.6.0-RELEASE
Suricata 6.0.4_1
There are two checks made in the PHP code when deciding whether to display the Snort rules or not. The first check is the Snort Rules download option being enabled on the GLOBAL SETTINGS tab. Double-check that and make sure it has not gotten inadvertently toggled to "off". The second check is that the Snort rules files exist in the Suricata rules subdirectory. In your case, it appears that second check is failing as the message says the rules have not been downloaded.
That means the Suricata GUI code is failing to detect the rules files. Look in your pfSense system log to see if there are any messages about disk space.
Next, verify the Snort rules files are present in
/usr/local/share/suricata/rules/
by looking for files prefixed withsnort_
in that subdirectory. -
I checked the directory /usr/local/share/suricata/rules/ and unfortunately i didn't find any snort_ rules
The disk space is ok and the Snort Rules are enabled on the Global Settings
-
@luquinhasdainfra said in Snort rules disappeared from Suricata and i cannot download them.:
I checked the directory /usr/local/share/suricata/rules/ and unfortunately i didn't find any snort_ rules
The disk space is ok and the Snort Rules are enabled on the Global Settings
If the files are not present in that folder, then they are not downloading correctly or are not getting unpacked properly from the gzip archive. Check the Update Log available on the UPDATES tab to see if anything is being logged there that might provide a clue to the underlying problem.
-
Restarted the PfSense and now the rules are presented in /usr/local/share/suricata/rules/ and i activated them in the GUI
Everything is working fine, thank you for the help.