Snort update
-
Hello
I upgrade my system from 1.2 into 1.2.1 recently, also I install few program including snort.
After I check all the option and entering my Oink Code I try to update the rules but why the rules did not updating even though I leave the computer using Firefox 3 or Mozilla Seamonkey for hours. Is there a problem with my system, and could someone could give me any suggestion about this. Thanks -
I have seen the snort download of the rules fail intermittently for some systems and work on others. My suggestion would be to keep trying and also double check your oink code.
-
this was an earlier post, it worked for me
to get snort to work on pfsense you may need to edit
Edit /etc/inc/system.inc
Find the line reading:
server.dir-listing = "disable"
and put underneath it a new line reading:
server.max-write-idle = 720 -
changing server.max-write-idle doesn't work for me. The moment I add this to system.inc and restart the webconfigurator, the webapp doesn't come up. Removing this from system.inc the webapp functions normally.
Also, i'm downloading the rules from snort.org manually now and i'm getting about 90kps avg (50kps is some places) and the webapp times out before it can grab about 73MB of rules. This really needs to be addressed soon.
Also, Devels, can we get a lighttpd config panel in the webapp please?
Also, in system.inc is it
server.max-write-idle = "720"
or
server.max-write-idle = 720
with or without quotes?
-
I had to use:
server.max-write-idle = 1200
(no quotes)in order to get one of my systems to download the rules. It's on a heavily loaded T1 and it took forever to finish.
-
My snort never update database, try 720 1200, but screen updating stay hours and hours and never finish, oh god, looking for a miracle to this work…
-
If you set it for 720, it should wait 12 minutes (6012=720)
If you set it for 1200, it should wait 20 minutes (6020=1200)If you are waiting longer than that on the WebGUI, it didn't work.
You might try some even higher times (1800 for 30min, 2700 for 45min, 3600 for 60min)
But don't wait much longer than the timeout you set, there is no point in letting it sit longer as it has already timed out, but not reloaded the page.
-
i'm having excatly the same problem…
and i have to restart the pfsense from ssh since the web configurator hang when the updates was downloading forever... ??? -
I have exactly to same problem. Web GUI hung then I have to restart pfsense. I try to download rule manually the size is about 70 MB.
Snort server reject me before download finish with error message tell me that I have to wail the next try for an hour. -
server.max-write-idle = 720 worked for me also. 6 min later, all working well. Should I leave the setting or remove it?
-
This has been fixed in the latest Snort package just updated yesterday. You may also need a change that's only in 1.2.3 snapshots.
-
@cmb:
This has been fixed in the latest Snort package just updated yesterday. You may also need a change that's only in 1.2.3 snapshots.
When i'm updating the snort rules, and keep in mind that i'm a subscriber i'm not getting the "_s" version or am i?
here's what it gives me:
http://www.snort.org/pub-bin/oinkmaster.cgi/"subscriber id"/snortrules-snapshot-2.8.tar.gz
the subscriber snapshot should be something like this if i get it from snort.org itself manually:
http://www.snort.org/pub-bin/downloads.cgi/Download/sub_rules/snortrules-snapshot-CURRENT_s.tar.gz
-
i wanted to say thanks for this, i wasn't able to update snort until making this edit
thanks
changing server.max-write-idle doesn't work for me. The moment I add this to system.inc and restart the webconfigurator, the webapp doesn't come up. Removing this from system.inc the webapp functions normally.
Also, i'm downloading the rules from snort.org manually now and i'm getting about 90kps avg (50kps is some places) and the webapp times out before it can grab about 73MB of rules. This really needs to be addressed soon.
Also, Devels, can we get a lighttpd config panel in the webapp please?
Also, in system.inc is it
server.max-write-idle = "720"
or
server.max-write-idle = 720
with or without quotes?