Netgate Discussion Forum

    Snort not update

    IDS/IPS

    hery524

      I've installed Snort package version 3.2.9.1_13 on pfSense version 2.3.1. I have a problem updating the VRT Snort rules using my Oinkcode. Can anyone help me with this matter?

      This is the latest log today:

      Starting rules update…  Time: 2016-05-27 10:11:45
      Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
      Snort VRT rules md5 download failed.
      Server returned error code 422.
      Server error message was:
      Snort VRT rules will not be updated.
      Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
      Checking Snort GPLv2 Community Rules md5 file...
      There is a new set of Snort GPLv2 Community Rules posted.
      Downloading file 'community-rules.tar.gz'...
      Done downloading rules file.
      Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
      Checking Emerging Threats Open rules md5 file...
      There is a new set of Emerging Threats Open rules posted.
      Downloading file 'emerging.rules.tar.gz'...
      Done downloading rules file.
      Extracting and installing Snort GPLv2 Community Rules...
      Installation of Snort GPLv2 Community Rules completed.
      Extracting and installing Emerging Threats Open rules...
      Installation of Emerging Threats Open rules completed.
      Copying new config and map files...
      Updating rules configuration for: WAN ...
      The Rules update has finished.  Time: 2016-05-27 10:13:43

      Starting rules update...  Time: 2016-05-27 10:13:51
      Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
      Snort VRT rules md5 download failed.
      Server returned error code 422.
      Server error message was:
      Snort VRT rules will not be updated.
      Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
      Checking Snort GPLv2 Community Rules md5 file...
      There is a new set of Snort GPLv2 Community Rules posted.
      Downloading file 'community-rules.tar.gz'...
      Done downloading rules file.
      Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
      Checking Emerging Threats Open rules md5 file...
      There is a new set of Emerging Threats Open rules posted.
      Downloading file 'emerging.rules.tar.gz'...
      Done downloading rules file.
      Extracting and installing Snort GPLv2 Community Rules...
      Installation of Snort GPLv2 Community Rules completed.
      Extracting and installing Emerging Threats Open rules...
      Installation of Emerging Threats Open rules completed.
      Copying new config and map files...
      Updating rules configuration for: WAN ...
      The Rules update has finished.  Time: 2016-05-27 10:15:13

        Mowgli

        I got the same problem, won't update to the latest rule.

        Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5…
        Even when there is a newer ruleset, currently 2982 for registered snort users.

          bmeeks

          Guys:

          These kinds of problems are almost always caused by either connectivity issues between you and the VRT rules server or problems with your Oinkcode subscription.  I just checked, and my rules (2980 version) are updating fine.  There was a successful check this morning (May 31 at 01:30 AM EDT).  I am in the USA by the way.  My personal observation is that users in non-US locations tend to have more frequent issues with rule updates.  I have no idea why other than connectivity somewhere along the way is the culprit.  On very rare occasions the VRT rule server would go down, but that is extremely rare now as I believe they now host the rules updates on Amazon Web Services.

          You can't expect 2982 rules on a 2980 Snort installation.  Snort's binary is locked to a specific matching VRT rules package.  So you can't run 2982 rules until the Snort package on pfSense is updated to the 2982 version.

          Bill

            dmbortz

            Hello,

            I'm having the same problem as the previous users.  I'm in the US and have pfSense on 2.3.1-RELEASE-p5 and Snort on 3.2.9.1_13.

            Here's the log:

            Starting rules update…  Time: 2016-07-03 11:37:01
            Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
            Snort VRT rules md5 download failed.
            Server returned error code 422.
            Server error message was:
            Snort VRT rules will not be updated.
            Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
            Checking Snort OpenAppID detectors md5 file...
            There is a new set of Snort OpenAppID detectors posted.
            Downloading file 'snort-openappid.tar.gz'...
            Done downloading rules file.
            Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
            Checking Snort GPLv2 Community Rules md5 file...
            There is a new set of Snort GPLv2 Community Rules posted.
            Downloading file 'community-rules.tar.gz'...
            Done downloading rules file.
            Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
            Checking Emerging Threats Open rules md5 file...
            There is a new set of Emerging Threats Open rules posted.
            Downloading file 'emerging.rules.tar.gz'...
            Done downloading rules file.
            Extracting and installing Snort OpenAppID detectors...
            Installation of Snort OpenAppID detectors completed.
            Extracting and installing Snort GPLv2 Community Rules...
            Installation of Snort GPLv2 Community Rules completed.
            Extracting and installing Emerging Threats Open rules...
            Installation of Emerging Threats Open rules completed.
            Copying new config and map files...
            Updating rules configuration for: WAN ...
            Restarting Snort to activate the new set of rules...
            Snort has restarted with your new set of rules.
            The Rules update has finished.  Time: 2016-07-03 11:37:41

            Any suggestions?  It looks like the system is attempting to download the 2980 rules...

              dmbortz

              Just saw a bunch of other threads about Snort VRT rules failing.

              The answer/fix is to wait till snort is updated…

                BorealCoder

                Have a look at this thread (https://forum.pfsense.org/index.php?topic=112883.0) in the same sub-forum for an explanation.  Sounds like a package upgrade will be forthcoming…

                  SomeSense

                  Upgrading to 3.2.9.1_14 fixed this issue for me.  This version updates the version of Snort, so between _13 and _14 it's bigger than just a minor change.  It would be great for future changes to snort-pfsense to be visually apparent when larger changes were made (meaning don't only change the minor version).  I was looking at this for an hour and didn't realize the version of Snort changed, outside a few big fixes.  No more errors now w/ the latest pfSense and latest Snort (as of this post).

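Added example (not part of any post in this thread, and not pfSense or Snort package code): every run in the logs above ends with "The Rules update has finished" even though the Snort VRT download failed, so the sensor keeps running on stale VRT rules unless someone reads the log. This parser reports each failed rule source with its HTTP code and the snapshot tag that was requested, which can then be compared with the installed Snort package. It assumes the log line wording shown in the posts; the function names are illustrative.

```python
import re

# Sample input: abridged copy of the update log lines quoted in the first post.
SAMPLE_LOG = """\
Starting rules update...  Time: 2016-05-27 10:11:45
Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
Snort VRT rules md5 download failed.
Server returned error code 422.
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
Installation of Snort GPLv2 Community Rules completed.
The Rules update has finished.  Time: 2016-05-27 10:13:43
"""

START = re.compile(r"^Starting rules update.*Time: (.+)$")
DOWNLOAD = re.compile(r"^Downloading (.+?) md5 file (\S+?)\.md5")
FAILED = re.compile(r"^(.+?) md5 download failed\.")
HTTP = re.compile(r"^Server returned error code (\d+)\.")
INSTALLED = re.compile(r"^Installation of (.+?) completed\.")
SNAPSHOT = re.compile(r"snortrules-snapshot-(\d+)\.tar\.gz")

def parse_runs(text):
    """Split the log into update runs and record each rule source's outcome."""
    runs, run, failed = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := START.match(line):
            run, failed = {"started": m.group(1), "sources": {}}, None
            runs.append(run)
        elif run is None:
            continue  # ignore anything before the first run header
        elif m := DOWNLOAD.match(line):
            run["sources"][m.group(1)] = {"file": m.group(2), "status": "unchanged", "http": None}
            failed = None
        elif m := FAILED.match(line):
            failed = run["sources"].setdefault(m.group(1), {"file": None, "http": None})
            failed["status"] = "failed"
        elif (m := HTTP.match(line)) and failed is not None:
            failed["http"] = int(m.group(1))  # error code belongs to the last failed source
        elif m := INSTALLED.match(line):
            run["sources"].setdefault(m.group(1), {"file": None, "http": None})["status"] = "installed"
    return runs

def stale_sources(runs):
    """Return (run start, source, HTTP code, snapshot tag) for every failed source."""
    out = []
    for run in runs:
        for name, s in run["sources"].items():
            if s["status"] == "failed":
                tag = SNAPSHOT.search(s["file"] or "")
                out.append((run["started"], name, s["http"], tag.group(1) if tag else None))
    return out
```
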
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.