Snort OpenAppID RULES - Server returned error code 0
-
I've been unable to download the OpenAppID RULES for about 6 weeks due to the following error code - Server returned error code 0. All of the other rules update every day.
I've also deleted the Snort package and re-installed it and restored pfSense to a version where Snort had previously updated all rules.
Any help is much appreciated.
-
I've been unable to download the OpenAppID RULES for about 6 weeks due to the following error code - Server returned error code 0. All of the other rules update every day.
I've also deleted the Snort package and re-installed it and restored pfSense to a version where Snort had previously updated all rules.
Any help is much appreciated.
I also get problem with the APPID RULES download.
According to logs it says:
Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5…
Checking Snort OpenAppID RULES detectors md5 file...
There is a new set of Snort OpenAppID RULES detectors posted.
Downloading file 'appid_rules.tar.gz'...
Done downloading rules file.
Snort OpenAppID RULES detectors file download failed. Bad MD5 checksum.
Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
Snort OpenAppID RULES detectors file download failed. Snort OpenAppID RULES detectors will not be updated.And just to make sure, I manually downloaded the http://files.pfsense.org/openappid/appid_rules.tar.gz and http://files.pfsense.org/openappid/appid_rules.tar.gz.md5
and then made a manual md5 checksum of the "appid_rules.tar.gz" and compared it to the downloaded one.DOWNLOADED: d4539caec45fdb0484ded9de593e0dc4
MANUAL MD5: 4a919586ee271f633a04b406b1332bf9Exactly the same as from the pfSense. So either someone has modified the appid_rules.tar.gz after the checksum was created
OR the appid_rules.tar.gz has been updated and someone has forgot to create a new updated md5 checksum file
or possible that the the appid file has gone corrupted.Please correct this.
The interesting part is that the appid file and the md5 file is stored at almost the same time. only 2 min apart.
http://files.pfsense.org/openappid/
appid_rules.tar.gz 08-Dec-2017 20:46 788480
appid_rules.tar.gz.md5 08-Dec-2017 20:48 33Best regards
Dan Lundqvist
MRZAZ.COM
Stockholm, Sweden -
I've been unable to download the OpenAppID RULES for about 6 weeks due to the following error code - Server returned error code 0. All of the other rules update every day.
I've also deleted the Snort package and re-installed it and restored pfSense to a version where Snort had previously updated all rules.
Any help is much appreciated.
I also get problem with the APPID RULES download.
According to logs it says:
Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5…
Checking Snort OpenAppID RULES detectors md5 file...
There is a new set of Snort OpenAppID RULES detectors posted.
Downloading file 'appid_rules.tar.gz'...
Done downloading rules file.
Snort OpenAppID RULES detectors file download failed. Bad MD5 checksum.
Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
Snort OpenAppID RULES detectors file download failed. Snort OpenAppID RULES detectors will not be updated.And just to make sure, I manually downloaded the http://files.pfsense.org/openappid/appid_rules.tar.gz and http://files.pfsense.org/openappid/appid_rules.tar.gz.md5
and then made a manual md5 checksum of the "appid_rules.tar.gz" and compared it to the downloaded one.DOWNLOADED: d4539caec45fdb0484ded9de593e0dc4
MANUAL MD5: 4a919586ee271f633a04b406b1332bf9Exactly the same as from the pfSense. So either someone has modified the appid_rules.tar.gz after the checksum was created
OR the appid_rules.tar.gz has been updated and someone has forgot to create a new updated md5 checksum file
or possible that the the appid file has gone corrupted.Please correct this.
The interesting part is that the appid file and the md5 file is stored at almost the same time. only 2 min apart.
http://files.pfsense.org/openappid/
appid_rules.tar.gz 08-Dec-2017 20:46 788480
appid_rules.tar.gz.md5 08-Dec-2017 20:48 33Best regards
Dan Lundqvist
MRZAZ.COM
Stockholm, SwedenAs stated in some earlier posts and the pfSense blog, the pfSense team recently began hosting the OpenAppID rules for download migrating them away from the Brazilian University web site. I think there are still some wrinkles to work out with regards to mirroring the two required files. I reported this thread to the pfSense team member who coordinated the hosting effort so he can take a look.
Bill
-
Should be good now.
-
I have this error:
Dec 14 10:25:30 php-fpm 57060 /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 20090 -D -q –suppress-config-log -l /var/log/snort/snort_igb020090 --pid-path /var/run --nolock-pidfile -G 20090 -c /usr/local/etc/snort/snort_20090_igb0/snort.conf -i igb0' returned exit code '1', the output was ''
Dec 14 10:25:30 snort 91420 FATAL ERROR: /usr/local/etc/snort/snort_20090_igb0/rules/snort.rules(3803) Rule options must be enclosed in '(' and ')'.
Dec 14 10:25:29 snort 91420 AppInfo: AppId 4115 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 503 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 503 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 503 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 503 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 4126 is UNKNOWN
Dec 14 10:25:29 snort 91420 Invalid direct client application AppId, 4126, for 0x809fc83e0 0x8045ae180
Dec 14 10:25:29 snort 91420 AppInfo: AppId 4387 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 4385 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 4043 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 4109 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 4387 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 4387 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 4385 is UNKNOWN
Dec 14 10:25:29 snort 91420 AppInfo: AppId 473 is UNKNOWN
