Version 2.1.5 Snort Missing from Available Packages

mschiek01

On version 2.1.5 I am trying to reinstall snort and it is missing from the available package list as well as the installed list.

doktornotor

Yeah, gone forever. Upgrade your pfSense. https://github.com/pfsense/pfsense-packages/pull/1065

mschiek01

Yeah I would love to upgrade but unfortunately not all the packages will reinstall on 2.2.4 either. I already tried on a test box. Mailscanner & Dansguardian just to name a few. There has got to be a way to reinstall it.

doktornotor

You did not get the point, I guess? IDS without rules is completely useless.

mschiek01

Not sure I understand what your are saying why would the rules not be available?

doktornotor

Perhaps, read the info linked above?

mschiek01

I read the posting thank you.

The rule sets were already there as the installation was pre-existing. Something was better than nothing. Removing it from the repository just created more problems than it fixes. A simple warning would have sufficed.

doktornotor

Dude… what warning? Warning: Your are installing a completely useless package that won't do anything?

Noone who installs this will have any rules. And won't be able to download them. There are no "pre-existing" rules. They are removed with the PBI.

mschiek01

Here is a current system running 2.1.5 with snort installed. Either I am not understanding you or snort is not reporting the rule set properly as this shows it is updating correctly.

I am not trying to start an argument I am just trying to understand what is going on. You should understand that maybe everyone does not have the same expertise as you have that is why this a community.

![2.1.5.snort current.jpg](/public/imported_attachments/1/2.1.5.snort current.jpg)
![2.1.5.snort current.jpg_thumb](/public/imported_attachments/1/2.1.5.snort current.jpg_thumb)

doktornotor

Dude. When you reinstall a package, the PBI dir gets deleted and the rules are gone. This debate is incredibly pointless waste of time.

mschiek01

What debate I was just trying to understand what was going on. Once again maybe you could understand not everyone is as knowledgeable as you. Thanks for your time.

G.D. Wusser Esq.

Emerging threat rules still work and download fine.
Why kill the whole package just because one of the providers quit offering updates?

doktornotor

Your two viable options:

upgrade pfSense (should have done that long ago anyway)
use Suricata which doesn't hardcode rules versions (the package is no longer updated either, because newer versions don't even compile on FreeBSD 8.x any more).

Further rants here will get you exactly nowhere.

G.D. Wusser Esq.

There are other options too, like hosting Snort separately from pfSense, for example.

doktornotor

I don't think you have a clue what you are talking about really…

G.D. Wusser Esq.

Snort is not exclusive to pfSense. It can be installed separately.

doktornotor

Yes. So install it.