• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

SNORT update problem

Scheduled Pinned Locked Moved pfSense Packages
9 Posts 5 Posters 3.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    dctr_mas
    last edited by Aug 3, 2011, 4:44 PM

    Hello,

    I've recently installed pfsense 2.0 RC3. It's configured and working fine.

    I just installed Snort.

    I configured all general settings to my WAN. Put in my oink code and even purchased a VRT subscription for 30$ from snort.org

    I clicked on update my rules and this is what I get

    SNORT.ORG >>>  N/A
    EMERGINGTHREATS.NET >>>  N/A
    PFSENSE.ORG >>>  "e8a95fd5f1b40e878fedeffd585134bb"

    I did install the Emergingthreats rules list in the general settings.

    Does anybody know if I need to modify the oinkmaster.conf? IS there a way to verify if it's downloading the snort package correctly.

    I apologize this is my first time using pfsense/squid/snort and I'm very happy with it.

    1 Reply Last reply Reply Quote 0
    • C
      Cino
      last edited by Aug 3, 2011, 4:51 PM

      did you see the rules under the interface setup? Categories

      if rules are there, then it downloaded them.

      I could be wrong, put your oink code determines if you get the basic or premium rules.

      1 Reply Last reply Reply Quote 0
      • D
        dctr_mas
        last edited by Aug 3, 2011, 4:57 PM

        In the categories section I see, I'm assuming this is only from the Emerging threats rule DB.
        When I log into my snort.org account it does show I purchased a VRT license for 29.99.

        Enabled Ruleset: Rules that end with "so.rules" are shared object rules.
        emerging-activex.rules
        emerging-attack_response.rules
        emerging-botcc.rules
        emerging-chat.rules
        emerging-ciarmy.rules
        emerging-compromised.rules
        emerging-current_events.rules
        emerging-deleted.rules
        emerging-dns.rules
        emerging-dos.rules
        emerging-drop.rules
        emerging-dshield.rules
        emerging-exploit.rules
        emerging-ftp.rules
        emerging-games.rules
        emerging-icmp.rules
        emerging-icmp_info.rules
        emerging-imap.rules
        emerging-inappropriate.rules
        emerging-malware.rules
        emerging-misc.rules
        emerging-mobile_malware.rules
        emerging-netbios.rules
        emerging-p2p.rules
        emerging-policy.rules
        emerging-pop3.rules
        emerging-rbn-malvertisers.rules
        emerging-rbn.rules
        emerging-rpc.rules
        emerging-scada.rules
        emerging-scan.rules
        emerging-shellcode.rules
        emerging-smtp.rules
        emerging-snmp.rules
        emerging-sql.rules
        emerging-telnet.rules
        emerging-tftp.rules
        emerging-tor.rules
        emerging-trojan.rules
        emerging-user_agents.rules
        emerging-virus.rules
        emerging-voip.rules
        emerging-web_client.rules
        emerging-web_server.rules
        emerging-web_specific_apps.rules
        emerging-worm.rules
        pfsense-voip.rules

        I have scene in other forums that snort rules start with

        snort-activex

        any help would be greatly appreciated

        1 Reply Last reply Reply Quote 0
        • C
          Cino
          last edited by Aug 3, 2011, 5:02 PM

          under Global Settings, did you check "Install Basic Rules or Premium rules " and put your oink code in "Oinkmaster code" field?

          I only use basic rules and it updating for me. I've must have updated my rules 3-4 times already today as i've been doing testing with the updated snort package.

          any errors on the update page when you Update Rules, anything in your system log?

          1 Reply Last reply Reply Quote 0
          • D
            dctr_mas
            last edited by Aug 3, 2011, 5:50 PM

            I waited a day and tried to update several times.

            After posting on this forum it seems everything is good now.

            It finally appeared

            SNORT.ORG >>>  "4e65d3dfa6cf8f804d053d7fa0c44c2e"

            yay thanks everyone for your help, guess I just had to be patient

            1 Reply Last reply Reply Quote 0
            • C
              Cino
              last edited by Aug 3, 2011, 7:02 PM

              :-) thank Emarl as he has been fixing the bugs

              1 Reply Last reply Reply Quote 0
              • M
                miles267
                last edited by Aug 4, 2011, 1:16 AM

                I've installed pfsense 1.2.3 STABLE successfully.  Everything running great.  However when I attempt to UPDATE snort after inserting my oinkcode, nothing happens.  I can click the UPDATE button as many times as I want, but it doesn't react at all.  I cannot seem to figure out how to get it to update.  Would prefer to resolve this rather than manually download the snort package and untar it, etc.  Any assistance would be appreciated.  Thanks!

                1 Reply Last reply Reply Quote 0
                • F
                  feenics
                  last edited by Sep 8, 2011, 12:21 PM

                  @miles

                  I had this problem.

                  Symptoms: Clicking the Updates >> Update Rules button does nothing (SFA) - Can't update Snort rules
                  Cause: Browser incompatibility
                  Resolution: Don't use Internet Explorer, switch to Firefox.

                  1 Reply Last reply Reply Quote 0
                  • E
                    eri--
                    last edited by Sep 8, 2011, 12:46 PM

                    I am not sure the status of snort on 1.2.3 but on 2.0 it works out.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received