Unable to Update SNORT Rules
-
Hi,
I have pfSense with the details below.
2.3.4-RELEASE-p1 (i386)
built on Fri Jul 14 14:53:03 CDT 2017
FreeBSD 10.3-RELEASE-p19
I have a valid Oinkmaster code and cannot update the rules. I am getting the error below.
Snort version is 3.2.9.5_3.
No IP blocker etc. is installed.
Starting rules update… Time: 2018-01-23 17:05:00
Downloading Snort VRT rules md5 file snortrules-snapshot-2990.tar.gz.md5...
Checking Snort VRT rules md5 file...
There is a new set of Snort VRT rules posted.
Downloading file 'snortrules-snapshot-2990.tar.gz'...
Done downloading rules file.
Snort VRT rules file download failed. Bad MD5 checksum.
Downloaded Snort VRT rules file MD5: 92c1d9793523ce75d925e5bef8d31529
Expected Snort VRT rules file MD5: 78c94ae8d2f4a1310c7307c82bd6991c
Snort VRT rules file download failed. Snort VRT rules will not be updated.
Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
Checking Emerging Threats Open rules md5 file...
There is a new set of Emerging Threats Open rules posted.
Downloading file 'emerging.rules.tar.gz'...
Done downloading rules file.
Emerging Threats Open rules file download failed. Bad MD5 checksum.
Downloaded Emerging Threats Open rules file MD5: d41d8cd98f00b204e9800998ecf8427e
Expected Emerging Threats Open rules file MD5: 829c081845f1c81cdcce8e6ec6f99a5b
Emerging Threats Open rules file download failed. Emerging Threats Open rules will not be updated.
The Rules update has finished. Time: 2018-01-23 17:11:25
-
OK, seems like /tmp was full.
Resolved my issue by increasing the /tmp size to 300MB since I have plenty of RAM.
-
@Wroxc:
OK, seems like /tmp was full.
Resolved my issue by increasing the /tmp size to 300MB since I have plenty of RAM.
Yep, Snort and RAM disks are not friends! I don't recommend that configuration, but if you do, make sure you have at least 300 MB configured for /tmp and the same or more for /var if that is also a RAM disk. Snort downloads and extracts rule updates into /tmp, and all the logs are on /var.
Bill
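
The following is an added example, not code from the thread's participants or from the pfSense Snort package. It classifies the MD5 lines of an update log and reports the size of /tmp and /var against the 300 MB figure from the reply above. The "downloaded" value for Emerging Threats Open, d41d8cd98f00b204e9800998ecf8427e, is the MD5 of empty input, so that file was written with zero bytes. The function names and the MIN_MB variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function and variable names are assumptions.

# MD5 of zero bytes of input: the downloader hashed an empty file.
EMPTY_MD5="d41d8cd98f00b204e9800998ecf8427e"
MIN_MB=300   # minimum RAM disk size given in the thread for /tmp (and /var)

# Total size in MB of the filesystem holding path $1 (POSIX df format).
size_mb() {
    df -Pk "$1" | awk 'NR == 2 { print int($2 / 1024) }'
}

# Read update-log text on stdin; print "<ruleset>: EMPTY|MISMATCH|OK" per ruleset.
classify_log() {
    awk -v empty="$EMPTY_MD5" '
        /^Downloaded .* rules file MD5: / {
            name = $0
            sub(/^Downloaded /, "", name)
            sub(/ rules file MD5: .*/, "", name)
            got = $NF
        }
        /^Expected .* rules file MD5: / {
            if (got == empty)     state = "EMPTY"     # nothing was written to disk
            else if (got != $NF)  state = "MISMATCH"  # file differs from the published one
            else                  state = "OK"
            print name ": " state
        }'
}

# Sample input: the four MD5 lines copied from the log in the first post.
SAMPLE_LOG='Downloaded Snort VRT rules file MD5: 92c1d9793523ce75d925e5bef8d31529
Expected Snort VRT rules file MD5: 78c94ae8d2f4a1310c7307c82bd6991c
Downloaded Emerging Threats Open rules file MD5: d41d8cd98f00b204e9800998ecf8427e
Expected Emerging Threats Open rules file MD5: 829c081845f1c81cdcce8e6ec6f99a5b'

printf '%s\n' "$SAMPLE_LOG" | classify_log
for d in /tmp /var; do
    mb=$(size_mb "$d")
    if [ "${mb:-0}" -lt "$MIN_MB" ]; then
        echo "$d: ${mb:-?} MB, below the ${MIN_MB} MB suggested if it is a RAM disk"
    else
        echo "$d: ${mb} MB"
    fi
done
```

An EMPTY or MISMATCH result on every ruleset at once points at local storage rather than at the rule servers, which matches the full /tmp found in this thread.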