Snort update
-
this was an earlier post, it worked for me
to get snort to work on pfsense you may need to edit
Edit /etc/inc/system.inc
Find the line reading:
server.dir-listing = "disable"
and put underneath it a new line reading:
server.max-write-idle = 720 -
changing server.max-write-idle doesn't work for me. The moment I add this to system.inc and restart the webconfigurator, the webapp doesn't come up. Removing this from system.inc the webapp functions normally.
Also, i'm downloading the rules from snort.org manually now and i'm getting about 90kps avg (50kps is some places) and the webapp times out before it can grab about 73MB of rules. This really needs to be addressed soon.
Also, Devels, can we get a lighttpd config panel in the webapp please?
Also, in system.inc is it
server.max-write-idle = "720"
or
server.max-write-idle = 720
with or without quotes?
-
I had to use:
server.max-write-idle = 1200
(no quotes)in order to get one of my systems to download the rules. It's on a heavily loaded T1 and it took forever to finish.
-
My snort never update database, try 720 1200, but screen updating stay hours and hours and never finish, oh god, looking for a miracle to this work…
-
If you set it for 720, it should wait 12 minutes (6012=720)
If you set it for 1200, it should wait 20 minutes (6020=1200)If you are waiting longer than that on the WebGUI, it didn't work.
You might try some even higher times (1800 for 30min, 2700 for 45min, 3600 for 60min)
But don't wait much longer than the timeout you set, there is no point in letting it sit longer as it has already timed out, but not reloaded the page.
-
i'm having excatly the same problem…
and i have to restart the pfsense from ssh since the web configurator hang when the updates was downloading forever... ??? -
I have exactly to same problem. Web GUI hung then I have to restart pfsense. I try to download rule manually the size is about 70 MB.
Snort server reject me before download finish with error message tell me that I have to wail the next try for an hour. -
server.max-write-idle = 720 worked for me also. 6 min later, all working well. Should I leave the setting or remove it?
-
This has been fixed in the latest Snort package just updated yesterday. You may also need a change that's only in 1.2.3 snapshots.
-
@cmb:
This has been fixed in the latest Snort package just updated yesterday. You may also need a change that's only in 1.2.3 snapshots.
When i'm updating the snort rules, and keep in mind that i'm a subscriber i'm not getting the "_s" version or am i?
here's what it gives me:
http://www.snort.org/pub-bin/oinkmaster.cgi/"subscriber id"/snortrules-snapshot-2.8.tar.gz
the subscriber snapshot should be something like this if i get it from snort.org itself manually:
http://www.snort.org/pub-bin/downloads.cgi/Download/sub_rules/snortrules-snapshot-CURRENT_s.tar.gz
-
i wanted to say thanks for this, i wasn't able to update snort until making this edit
thanks
changing server.max-write-idle doesn't work for me. The moment I add this to system.inc and restart the webconfigurator, the webapp doesn't come up. Removing this from system.inc the webapp functions normally.
Also, i'm downloading the rules from snort.org manually now and i'm getting about 90kps avg (50kps is some places) and the webapp times out before it can grab about 73MB of rules. This really needs to be addressed soon.
Also, Devels, can we get a lighttpd config panel in the webapp please?
Also, in system.inc is it
server.max-write-idle = "720"
or
server.max-write-idle = 720
with or without quotes?