Snort VRT rules update error

peppegate · Oct 9, 2015, 2:38 PM

Hello,
i have a problem wth VTR Rules update (and now all VTR rules are empty) ,
when i try to update it i receive an error:

Snort VRT rules will not be updated.
Server returned error code 422.

I already see some Topic with this problem but all refer to "Suricata" , i have only Snort installed as IDS not Suricata , how can i fix?

I have Free subscription

Already did:
Try to search file with URL inside luckyless
Changed Oinkcode with a new one , and i receive same error.

Anyone can help me pls?
tnx

doktornotor · Oct 9, 2015, 2:50 PM

Most likely by upgrading your pfSense 2.1.x to a version where the package still exists.

peppegate · Oct 9, 2015, 3:19 PM

hello,
i have snort to Snort 2.9.7.0 pkg v3.2.3

and pfsense to 2.2.4-RELEASE (amd64)

i have update off from 10 of june

doktornotor · Oct 9, 2015, 5:40 PM

The current package version on 2.2.x is 3.2.8.2, using Snort 2.9.7.5. Please, upgrade your packages before reporting bugs!

bmeeks · Oct 12, 2015, 12:58 PM

@peppegate:

hello,
i have snort to Snort 2.9.7.0 pkg v3.2.3

and pfsense to 2.2.4-RELEASE (amd64)

i have update off from 10 of june

As the doktor pointed out, the Snort team has discontinued rules support for the 2.9.7.0 Snort version. VRT rules are tied by version number to specific Snort binaries. The Snort VRT has life-cycle management for both the binary Snort version and therefore the rules (since they must match). Each version rolls out of support at some period of time after initial release. Your old Snort version has rolled out of rules support (meaning the VRT no longer produces rules that will work with that older Snort binary).

This will always happen with Snort, and so users need to keep the package updated. Another complicating issue is that due to changes in the FreeBSD kernel, the newer Snort binaries cannot be compiled for pfSense 2.1 and earlier. So to continue using Snort, you must upgrade your pfSense to 2.2.x and then upgrade Snort (it will automatically get upgraded when you update pfSense to 2.2).

EDIT: need to correct this statement – ..."due to changes in the FreeBSD kernel"… That is not technically accurate. It's actually due to changes in the Ports infrastructure and the package creation tools, but the end result is still that most newer versions of FreeBSD ports no longer compile for pfSense versions older than 2.2.x.

Bill

peppegate · Oct 10, 2015, 9:58 AM

Hello guyz ,
i really thanks all of you for the answers ,
my Pfsense from dashboard told me that is Up to date (2.2.4 as i wrote) , did you know if there is a new version?
Did you think that with an update only of Snort i could solve the problem?
tnx

doktornotor · Oct 10, 2015, 10:20 AM

We are talking about package version here. You are many versions behind. Update the Snort package.

peppegate · Oct 12, 2015, 8:21 AM

hello,
tnx for Answer , can i know how update package? that is how you mean right?

doktornotor · Oct 12, 2015, 9:09 AM

In the same place where you installed it. Simply click the reinstall button.