Snort Rules update Broken
-
I'm having trouble using the update rules for snort. When I do a manual update the updater gets through a few small files to then while downloading the larger rules package it sticks and the status bar stops moving. I've set the auto-update to download every 6hrs but that doesn't do anything either. Every time I go to the update rules tab in snort it gives me a warning that /usr/local/etc/snort/rules is empty.
I've manually downloaded the snort rules to an FTP server then downloaded & unpacked it into /usr/local/etc/snort/rules and the update rules tab has stopped complaining but I'm not sure if
- The rules have been installed correctly into the right directory
- The rules will ever be updated automatically
PFSense 1.2.3-RELEASE
Snort 2.8.6 pkg v. 1.30 -
Manual update: http://forum.pfsense.org/index.php/topic,26382.msg137567.html#msg137567
…and the update feature of Snort is discussed heavily in that thread - all you need to know should be in there.
-
Your problem is with v1.30, and isn't the same as the recent broken update issue. From the "things to try" camp, you might remove the snort package and reinstall it (with or without saving your config). I was using v1.27, updated to v1.30 and it's working fine for me.
-
Thanks guys - Manual update worked in the end, auto still not happening up until now. Maybe now that there's a rule set in place the auto updates will roll in? We'll see in ~6 hrs I guess.
