Version 2.1.5 Snort Missing from Available Packages

doktornotor · Sep 22, 2015, 9:40 PM

You did not get the point, I guess? IDS without rules is completely useless.

mschiek01 · Sep 22, 2015, 10:00 PM

Not sure I understand what your are saying why would the rules not be available?

doktornotor · Sep 22, 2015, 10:00 PM

Perhaps, read the info linked above?

mschiek01 · Sep 23, 2015, 1:37 PM

I read the posting thank you.

The rule sets were already there as the installation was pre-existing. Something was better than nothing. Removing it from the repository just created more problems than it fixes. A simple warning would have sufficed.

doktornotor · Sep 23, 2015, 2:51 PM

Dude… what warning? Warning: Your are installing a completely useless package that won't do anything?

Noone who installs this will have any rules. And won't be able to download them. There are no "pre-existing" rules. They are removed with the PBI.

mschiek01 · Sep 23, 2015, 4:24 PM

Here is a current system running 2.1.5 with snort installed. Either I am not understanding you or snort is not reporting the rule set properly as this shows it is updating correctly.

I am not trying to start an argument I am just trying to understand what is going on. You should understand that maybe everyone does not have the same expertise as you have that is why this a community.

![2.1.5.snort current.jpg](/public/imported_attachments/1/2.1.5.snort current.jpg)
![2.1.5.snort current.jpg_thumb](/public/imported_attachments/1/2.1.5.snort current.jpg_thumb)

doktornotor · Sep 23, 2015, 4:26 PM

Dude. When you reinstall a package, the PBI dir gets deleted and the rules are gone. This debate is incredibly pointless waste of time.

mschiek01 · Sep 23, 2015, 4:46 PM

What debate I was just trying to understand what was going on. Once again maybe you could understand not everyone is as knowledgeable as you. Thanks for your time.

G.D. Wusser Esq. · Sep 25, 2015, 2:32 AM

Emerging threat rules still work and download fine.
Why kill the whole package just because one of the providers quit offering updates?

doktornotor · Sep 26, 2015, 10:02 AM

Your two viable options:

upgrade pfSense (should have done that long ago anyway)
use Suricata which doesn't hardcode rules versions (the package is no longer updated either, because newer versions don't even compile on FreeBSD 8.x any more).

Further rants here will get you exactly nowhere.

G.D. Wusser Esq. · Oct 12, 2015, 10:53 PM

There are other options too, like hosting Snort separately from pfSense, for example.

doktornotor · Oct 12, 2015, 10:58 PM

I don't think you have a clue what you are talking about really…

G.D. Wusser Esq. · Oct 12, 2015, 11:00 PM

Snort is not exclusive to pfSense. It can be installed separately.

doktornotor · Oct 12, 2015, 11:03 PM

Yes. So install it.