Netgate Discussion Forum

    Problems downloading custom rules in Suricata

    • D
      darvin
      last edited by darvin

      Snort Rules Custom Download URL works fine. Here is the local log from the Apache server:

      192.168.1.1 - - [16/Dec/2020:13:52:59 -0500] "GET /snortrules-snapshot-29170.tar.gz.md5 HTTP/1.1" 200 4906 "-" "pfSense/2.4.5-RELEASE : 44454c4c-4300-1032-8031-cac04f433aaa"
      192.168.1.1 - - [16/Dec/2020:13:52:59 -0500] "GET /snortrules-snapshot-29170.tar.gz HTTP/1.1" 200 132593762 "-" "pfSense/2.4.5-RELEASE : 44454c4c-4300-1032-8031-cac04f433aaa"

      But the Snort GPLv2 Custom Rule Download URL (Community rules) does not download. Here is the local log from the Apache server:
      192.168.1.1 - - [16/Dec/2020:13:25:02 -0500] "GET /community-rules.tar.gz/md5 HTTP/1.1" 404 4961 "-" "pfSense/2.4.5-RELEASE : 44454c4c-4300-1032-8031-cac04f433aaa"

      In the GET log I see community-rules.tar.gz/md5 and it should be community-rules.tar.gz.md5

      Can someone check if this also happens in Snort...
      Any fix?

      • I
        Impatient @darvin
        last edited by

        @darvin
        snortrules-snapshot-29170.tar.gz.md5
        Snort on pfSense 2.5 and as far as I know the latest stable branch is 2.9.16.1 so perhaps
        something has changed in the 2.9.17 branch.

        • D
          darvin @Impatient
          last edited by

          [Solved]
          Edit file /usr/local/pkg/suricata/suricata_check_for_rule_updates.php
          Modify line 448: Replace /md5 with .md5

          • bmeeksB
            bmeeks @darvin
            last edited by

            @darvin said in Problems downloading custom rules in Suricata:

            [Solved]
            Edit file /usr/local/pkg/suricata/suricata_check_for_rule_updates.php
            Modify line 448: Replace /md5 with .md5

            Good catch. Yes, that line is incorrect. Basically what that error will cause is new GPLv2 Community Rules will be downloaded with each periodic update check, whether there are actually new rules posted or not.

            Anyway, I will see that it is fixed in the next release.

            • D
              darvin @bmeeks
              last edited by darvin

              @bmeeks
              Snort has the same problem...
              Edit file /usr/local/pkg/snort/snort_check_for_rule_updates.php
              Modify line 476: Replace /md5 with .md5

              Both need an update fix.

              Update: (Snort AppID Open Text Rules)
              Edit file /usr/local/pkg/snort/snort_check_for_rule_updates.php
              Modify line 451: Replace /md5 with .md5

              • bmeeksB
                bmeeks @darvin
                last edited by

                @darvin said in Problems downloading custom rules in Suricata:

                @bmeeks
                Snort has the same problem...
                Edit file /usr/local/pkg/snort/snort_check_for_rule_updates.php
                Modify line 476: Replace /md5 with .md5

                Both need an update fix.

                Update: (Snort AppID Open Text Rules)
                Edit file /usr/local/pkg/snort/snort_check_for_rule_updates.php
                Modify line 451: Replace /md5 with .md5

                Okay. Thanks!

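Added example, not part of the original thread and not code from the Snort or Suricata packages: a check that an operator of a local rules mirror could run over the Apache access log to find pfSense clients still requesting `<archive>/md5` instead of `<archive>.md5`, and how often they then pulled the full archive. The function name and the last sample log line are constructed for illustration; the first three log lines are the ones quoted in the first post.

```python
import re
from collections import Counter

# Apache "combined" log line; only GET requests matter for rule downloads.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"GET (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
BAD_SUFFIX = "/md5"   # what the unpatched update script requests
GOOD_SUFFIX = ".md5"  # what the mirror actually serves

UA = "pfSense/2.4.5-RELEASE : 44454c4c-4300-1032-8031-cac04f433aaa"
# Lines 1-3 are quoted in the first post; line 4 is constructed to show the
# follow-up archive download described in the thread.
SAMPLE_LOG = f'''\
192.168.1.1 - - [16/Dec/2020:13:52:59 -0500] "GET /snortrules-snapshot-29170.tar.gz.md5 HTTP/1.1" 200 4906 "-" "{UA}"
192.168.1.1 - - [16/Dec/2020:13:52:59 -0500] "GET /snortrules-snapshot-29170.tar.gz HTTP/1.1" 200 132593762 "-" "{UA}"
192.168.1.1 - - [16/Dec/2020:13:25:02 -0500] "GET /community-rules.tar.gz/md5 HTTP/1.1" 404 4961 "-" "{UA}"
192.168.1.1 - - [16/Dec/2020:13:25:03 -0500] "GET /community-rules.tar.gz HTTP/1.1" 200 337452 "-" "{UA}"
'''

def find_malformed_checksum_requests(lines):
    """Return one finding per failed '<archive>/md5' request from a pfSense client."""
    hits = [m.groupdict() for m in (LOG_RE.match(l.strip()) for l in lines) if m]
    # Successful downloads per (client, path), to expose needless archive fetches.
    downloads = Counter((h["client"], h["path"]) for h in hits if h["status"] == "200")
    findings = []
    for h in hits:
        malformed = h["path"].endswith(".tar.gz" + BAD_SUFFIX)
        if not (malformed and h["status"] == "404" and h["agent"].startswith("pfSense/")):
            continue
        archive = h["path"][: -len(BAD_SUFFIX)]
        findings.append({
            "client": h["client"],
            "time": h["time"],
            "requested": h["path"],
            "expected": archive + GOOD_SUFFIX,
            "archive_downloads": downloads[(h["client"], archive)],
        })
    return findings

if __name__ == "__main__":
    for f in find_malformed_checksum_requests(SAMPLE_LOG.splitlines()):
        print(f)
```

A client that keeps appearing in the output after the package update has not picked up the corrected script.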
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.