Snort - Rules Update problem
-
I installed Snort Package, but the rules update stops telling "Extracting snort rules…" and the progress bar is not full...
Where is the problem with it?
-
The "Current" branch of Snort rules is no longer compatible with Snort 2.7. A change needs to be made in the configuration to make Snort retrieve the proper branch.
Unfortunately I don't know where the configuration file is kept on pfSense.See http://www.snort.org/pub-bin/downloads.cgi
and also http://www.ipcop.org/index.php?name=News&file=article&sid=38IPCop was using 2.6, but I believe it's the same problem.
Edit:
Actually I believe I found the fix-
Open /usr/local/www/snort_download_rules.php
find the following lines
$snort_filename = "snortrules-snapshot-CURRENT{$premium_subscriber}.tar.gz";
$snort_filename_md5 = "snortrules-snapshot-CURRENT.tar.gz.md5";replace it with
$snort_filename = "snortrules-snapshot-2.7{$premium_subscriber}.tar.gz";
$snort_filename_md5 = "snortrules-snapshot-2.7.tar.gz.md5"; -
I did NOT edit the snort_download_rules.php file as you tols, but now the update Page told me:
Last snort.org rule update: 2008-01-28
You last updated the ruleset: 2008-01-30
Your snort rulesets are up to date.This mean that is working as it is? I should edit the snort_download_rules.php file?
-
Sorry for the late reply.
If the snort page says you have updated you do not need to modify the file. The package maintainer probably updated the package.