Snort won't download ruleset
-
Hi all,
I've had Snort installed for a while now. But, I had never configured it. A couple of days ago, I updated to the latest 2.9.2.3. I'm running on 64 bit 2.0.1 pfSense. I added in my Oinkmaster code. But, when I try to update the rules, it runs very quickly and says that it finished. However, the "Installed Signature Ruleset" shows N/A. Is this normal? I've tried rebooting, removing, and re-installing the package with the same results.
Thanks,
Jeff
-
For testing if you have not selected 'Select Install Emergingthreats rules', select it in Global Settings.
Click Save.
Then try again Update rules. -
Just reinstall the package and should be fine.
-
"I've tried rebooting, removing, and re-installing the package with the same results."
After selecting the Emergingthreats rules, it successfully downloads those rules. Now on the Update Tab, it shows:
SNORT.ORG >>> N/A
EMERGINGTHREATS.NET >>> 108bf1fd5ba0ec4d8d304232053459cd -
You should have the issue in the system log.
-
What should I expect to see in the system logs?
Here's the last few days:
Jul 12 12:03:03 php: : Emergingthreats rules file update downloaded succsesfully
Jul 12 12:03:03 php: : Snort has restarted with your new set of rules…
Jul 13 00:03:02 php: : Emergingthreats rules file update downloaded succsesfully
Jul 13 00:03:02 php: : Snort has restarted with your new set of rules...
Jul 14 00:03:03 php: : Emergingthreats rules file update downloaded succsesfully
Jul 14 00:03:03 php: : Snort has restarted with your new set of rules...
Jul 15 20:31:04 php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.56.6
Jul 15 20:31:04 php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.56.6I just did a manual update and it doesn't show anything in the logs...
-
Update:
I just removed the package and installed the latest version. Now I'm getting this message every time I try to manually update:
"php: /snort/snort_download_rules.php: Please wait… You may only check for New Rules every 15 minutes..."
Yes, I've waited the 15 minutes in between tries.
-
try this:
http://forum.pfsense.org/index.php/topic,51472.msg275191.html#msg275191 -
Update:
I just removed the package and installed the latest version. Now I'm getting this message every time I try to manually update:
"php: /snort/snort_download_rules.php: Please wait… You may only check for New Rules every 15 minutes..."
Yes, I've waited the 15 minutes in between tries.
I had this exact problem at one point somehow my oink code was bad. I had the premium service and it had expired. I just re-registered the service at snort.org and everything worked fine after that.
-
i had the same problem, but entering my snort-code newly fixed it.
-
I followed Cino's link to completely remove Snort and re-installed. = Same Issue
Tried creating new Snort account and generated a new oinkcode = Same Issue.