
    Snort not updating VRT ruleset

      fsansfil

      Hello,

      Is it normal that Snort still updates 2955, when 2956 and 2960 have been out since? I'm a recent paid subscriber and running Snort 3.0.3.

      Thanks for the help.

      Cheers

        BBcan177 Moderator

        pfSense Snort is using v2.9.5.5

        There is a new v2.9.5.6 being released shortly.

        There will always be some time between a new snort version and when it is tested and integrated into a Snort Package.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          fragged

          There will be a 30 day delay from Snort.org binary release to pfSense Snort package binary update as free rules are not available before the binary is 30 days old. This might change in the future if Bill is able to figure out a way to either have both binaries in the package and use the right one according to your free/paid status or have another copy of the package on the pfSense packet repo that has the latest binary for paid Snort subscribers.

            jasonlitka

            @fragged:

            There will be a 30 day delay from Snort.org binary release to pfSense Snort package binary update as free rules are not available before the binary is 30 days old. This might change in the future if Bill is able to figure out a way to either have both binaries in the package and use the right one according to your free/paid status or have another copy of the package on the pfSense packet repo that has the latest binary for paid Snort subscribers.

            Wait, so you're saying that even though I'm a paid Snort customer, that the package is downloading the free rules?

            I can break anything.

              fragged

              It does download the paid rules. But what the OP was talking about in the first post was the Snort binary version.

                bmeeks

                @fragged:

                It does download the paid rules. But what the OP was talking about in the first post was the Snort binary version.

                The Snort VRT ties the Snort binary version to the rules version.  This means you can't use 2.9.6.0 rules with the 2.9.5.5 binary and vice-versa.  The installed binary must match up with the rules.

                An update to 2.9.5.6 Snort is on the way.  We are having some issues at the moment getting the binary package to build for 2.0.3 users of pfSense (the old *.tbz packages).  The new 2.1 PBI packages are working fine.  We don't want to release the new update until the binaries will work on both pfSense versions since both are supposed to be supported.  We should get this *.tbz package building problem worked out shortly, and then the new 2.9.5.6 binary and the updated 3.0.4 GUI package will be posted.

                I have not updated to 2.9.6.0 yet because doing so will lock out the free users of Snort VRT rules so they would not get updates until the end of February.  And because the binary version and rules version are tied together, that prevents me updating just for the paid-subscriber guys as well.  All things considered, it's probably not a bad idea to be one version behind "bleeding edge"… ;).  That way the bugs can get worked out.

                Bill
