Snort 2.9.4.1 Pkg 2.5.4 – Fix for SO rules version mismatch and failed startup
-
You're not doing anything wrong, Snort is working as it should for the current moment.
The reason it says N/A for the Snort.org Ruleset is because the current pfSense Snort package is at 2.9.4.1 which just came out in March but until the 30 day black out period ends for free, registered users, you wont be able to download any Snort rules for that package version. Only current way to download rules for 2.9.4.1 is to be a paid VRT Subscriber. April is almost here so I'm patiently waiting.
The Update Log has always been greyed out. A future feature that has yet been implemented, I'm assuming.
The Rules Tab will show if you hit the Edit Interface button while in the Snort Interfaces Tab.
-
You're not doing anything wrong, Snort is working as it should for the current moment.
The reason it says N/A for the Snort.org Ruleset is because the current pfSense Snort package is at 2.9.4.1 which just came out in March but until the 30 day black out period ends for free, registered users, you wont be able to download any Snort rules for that package version. Only current way to download rules for 2.9.4.1 is to be a paid VRT Subscriber. April is almost here so I'm patiently waiting.
The Update Log has always been greyed out. A future feature that has yet been implemented, I'm assuming.
Thanks for the info, I did notice that the update log has always been greyed out too! Never knew why though, thanks again.
-
You're not doing anything wrong, Snort is working as it should for the current moment.
The reason it says N/A for the Snort.org Ruleset is because the current pfSense Snort package is at 2.9.4.1 which just came out in March but until the 30 day black out period ends for free, registered users, you wont be able to download any Snort rules for that package version. Only current way to download rules for 2.9.4.1 is to be a paid VRT Subscriber. April is almost here so I'm patiently waiting.
The Update Log has always been greyed out. A future feature that has yet been implemented, I'm assuming.
The Rules Tab will show if you hit the Edit Interface button while in the Snort Interfaces Tab.
Perfect answer, thank you.
-
All seems to be working just great now. Updates (paid subscription) are good. Thanks again Bill :-)
-
Just uninstalled and reinstalled Snort 2.9.4.1 pkg v. 2.5.4 on pfSense 2.1-BETA1 (amd64) built on Fri Mar 29 14:58:31 EDT 2013
I am a Sourcefire VRT Certified Premium Rules paid subscriber but the update still says N/A for the Snort.org Ruleset when I update the rules. -
I too am a paid subscriber and am seeing the "N/A" for Snort.org rules as well. I'm going to remove snort and all configuration files and re-add to see if it makes any difference.
David
-
I jusat signed up for VRT rules and cannot get them to install after a reinstall and reconfiguration of snort. I'm currently running 2.0.2-RELEASE (amd64).
Edit: The issue may lie with my Snort account. I was unable to manually pull 2.9.4.1 rules with my Oinkmaster URL; I got an error saying I was not a subscriber, though I can manually download the 2.9.4.1 rules. I was able to pull 2.9.4.0 via Oinkmaster URL.
Edit 2: All problems with my account are cleared and I still cannot automatically download Snort 2.9.4.1 rules.
Edit 3: I had to change {$oinkid} in snort_check_for_rule_updates.php with my actual Oinkid. Then it worked.
-
snortrules-snapshot-2941.tar.gz is available to registered (as opposed to pay) users now
-
Didnt that get updated via the GUI??
I jusat signed up for VRT rules and cannot get them to install after a reinstall and reconfiguration of snort. I'm currently running 2.0.2-RELEASE (amd64).
Edit: The issue may lie with my Snort account. I was unable to manually pull 2.9.4.1 rules with my Oinkmaster URL; I got an error saying I was not a subscriber, though I can manually download the 2.9.4.1 rules. I was able to pull 2.9.4.0 via Oinkmaster URL.
Edit 2: All problems with my account are cleared and I still cannot automatically download Snort 2.9.4.1 rules.
Edit 3: I had to change {$oinkid} in snort_check_for_rule_updates.php with my actual Oinkid. Then it worked.
-
Didnt that get updated via the GUI??
I jusat signed up for VRT rules and cannot get them to install after a reinstall and reconfiguration of snort. I'm currently running 2.0.2-RELEASE (amd64).
Edit: The issue may lie with my Snort account. I was unable to manually pull 2.9.4.1 rules with my Oinkmaster URL; I got an error saying I was not a subscriber, though I can manually download the 2.9.4.1 rules. I was able to pull 2.9.4.0 via Oinkmaster URL.
Edit 2: All problems with my account are cleared and I still cannot automatically download Snort 2.9.4.1 rules.
Edit 3: I had to change {$oinkid} in snort_check_for_rule_updates.php with my actual Oinkid. Then it worked.
I haven't had time to troubleshoot any further. I have confirmed I have the right Oikcode in the GUI. Unless I change it in both spots it wound download the MD5 or rules. I don't have the exact errors from the system logs but it seemed like the download link was wrong so I'm guessing that it's not getting the Oinkcode variable. Troubleshooting time is minimal so any ideas on how to proceed would be appreciated.
