Snort Problems
-
Actually, try using these instructions to manually update the rules.
http://forum.pfsense.org/index.php?topic=15464.0 or
http://doc.pfsense.org/index.php/Why_won't_snort_properly_download_rules%3F
You'll have to use a shell but don't need to reboot at the end. Just go to the snort page and click "save" for it to load the rules.
I have the same issue - brand new installation of Pfsense using 2.8.4.1_5 pkg v.1.7 from the packages section. I've tried every 3 hours today, and no go. Let us know if someone needs logs or command output - I'm not much of a coder, but I can follow directions. :)
-
I looked at the code, but things have changed so much since I last messed with the snort package, that it's not going to be worth my effort to screw around with. I'm just downloading the rules manually for now.
-
Tried updating the rules manually, and getting this error:
snort[63763]: FATAL ERROR: Dynamic detection lib /usr/local/lib/snort/dynamicrules//lib_sfdynamic_example_rule.so 1.0 isn't compatible with the current dynamic engine library /usr/local/lib/snort/dynamicengine/libsf_engine.so 1.10. The dynamic detection lib is compiled with an older version of the dynamic engine.
Any thoughts? I tried uninstalling/reinstalling, same thing. Might not be related.
Edit: resolved by deleting /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so
-
I have the same probléme. the manuelly upgrade not work and snort don't work normally.
Anybody can help me -
Tried updating the rules manually, and getting this error:
snort[63763]: FATAL ERROR: Dynamic detection lib /usr/local/lib/snort/dynamicrules//lib_sfdynamic_example_rule.so 1.0 isn't compatible with the current dynamic engine library /usr/local/lib/snort/dynamicengine/libsf_engine.so 1.10. The dynamic detection lib is compiled with an older version of the dynamic engine.
Any thoughts? I tried uninstalling/reinstalling, same thing. Might not be related.
Edit: resolved by deleting /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so
I have the exact same error. I did the same thing and renamed/deleted the file.
-
:( I tryed the manual update and does not seem to work for me .What happened with snort it worked so well for so long and the last time i stopped using Pfsense was because of this same problem .I have no idea why people have to play with things when they work perfectly .
Has anyone found out the problem yet .Snort still will not update and there is no errors .. -
Thanks JustinHoMi,
Worked perfectly! :)
-
I had the same problem.
solved by changing to basic rules in Global Configuration tab
-
I had the same problem.
solved by changing to basic rules in Global Configuration tab
Doesn't premium rules require a subscription? (And NOT just an Oinkcode=registration)
-
With the premium rules, I am noticing I am not able to update them and I keep getting errors of:
Directory so_rules does not exist…
Error copying so_rules...
I use the basic and it updates fine. I know snort came up with a new program two days ago.
-
Lost: Broke for me too but I manually fixed it in this thread.http://forum.pfsense.org/index.php/topic,24434.15.html
-
Hello all…
I am running 1.2.3 with snort 2.8.5.3 v1.22 (upgraded two days ago after the so directory error appeared).
I cannot update my rules when I have the "Premium Rules" box check (despite being a snort VRT subscriber). I had to select "Basic Rules" in order to get the updates.
Right now I am not sure I am getting the most recent/up-to-date rules from snort, or if I am getting the 30-day (non-subscriber) rules. I know there are different URLs for the rule snapshots depending on if you are just registered or if you are a subscriber.
I see others are having this problem, but I have not seen a definite fix. Any suggestion?
-
Good news! Just saw an updated snort package is out. Version 2.8.5.3 pkg v. 1.23 is working with Premium Rules. Not only was I able to download all the rules, but snort started with no errors when I enabled every category (with defaults) on the WAN interface.
Thanks to the pfSense team for an awesome product!