Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Emerging rules vanished!

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • RonpfSR
      RonpfS
      last edited by

      I modify a suppress list this morning, stop Snort 2.9.1 pkg v. 2.0.2 , start it I get:

      2011-12-12 12:36:50	Daemon.Error	x.x.x.x snort[58089]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_18203_pppoe0//usr/local/etc/snort/snort_18203_pppoe0/rules/emerging-activex.rules": No such file or directory.

      It would not start, the /usr/local/etc/snort/snort_18203_pppoe0/rules/emerging* rules were gone.  ???
      Try to Update the rules to no avail.

      In the end I removed the /usr/local/etc/snort/emerging.rules.tar.gz.md5, Update the rules and snort started ok.

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

      1 Reply Last reply Reply Quote 0
      • RonpfSR
        RonpfS
        last edited by

        Again today, I stop snort and the Emergings rules were gone !!!!

        One other issue I have is that when I change the Update from 12Hrs to 1 Day, snort still update every 12hrs.

        The only thing that change in the conf is :

        - <autorulesupdate7>12h_up</autorulesupdate7>
+ <autorulesupdate7>1d_up</autorulesupdate7>

        this section remain unchanged

        		 <minute>3</minute>
			<hour>*/12</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log

        I stop snort, make the change, start snort and I will see 2morrow wha happen.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 0
        • RonpfSR
          RonpfS
          last edited by

          Snort still update every 12hres  ??? !!!!

          2.4.5-RELEASE-p1 (amd64)
          Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            Install cron package and see if you can change this schedule.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • RonpfSR
              RonpfS
              last edited by

              Yup I can
              I'm back on 24hres update
              Thanks you

              2.4.5-RELEASE-p1 (amd64)
              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.