Snort not update



  • I've installed Snort package version 3.2.9.1_13 on pfSense version 2.3.1. I have a problem updating the VRT Snort rules using my Oinkcode. Can anyone help me with this matter?

    This is the latest log today:

    Starting rules update…  Time: 2016-05-27 10:11:45
    Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
    Snort VRT rules md5 download failed.
    Server returned error code 422.
    Server error message was:
    Snort VRT rules will not be updated.
    Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
    Checking Snort GPLv2 Community Rules md5 file...
    There is a new set of Snort GPLv2 Community Rules posted.
    Downloading file 'community-rules.tar.gz'...
    Done downloading rules file.
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Checking Emerging Threats Open rules md5 file...
    There is a new set of Emerging Threats Open rules posted.
    Downloading file 'emerging.rules.tar.gz'...
    Done downloading rules file.
    Extracting and installing Snort GPLv2 Community Rules...
    Installation of Snort GPLv2 Community Rules completed.
    Extracting and installing Emerging Threats Open rules...
    Installation of Emerging Threats Open rules completed.
    Copying new config and map files...
    Updating rules configuration for: WAN ...
    The Rules update has finished.  Time: 2016-05-27 10:13:43

    Starting rules update...  Time: 2016-05-27 10:13:51
    Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
    Snort VRT rules md5 download failed.
    Server returned error code 422.
    Server error message was:
    Snort VRT rules will not be updated.
    Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
    Checking Snort GPLv2 Community Rules md5 file...
    There is a new set of Snort GPLv2 Community Rules posted.
    Downloading file 'community-rules.tar.gz'...
    Done downloading rules file.
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Checking Emerging Threats Open rules md5 file...
    There is a new set of Emerging Threats Open rules posted.
    Downloading file 'emerging.rules.tar.gz'...
    Done downloading rules file.
    Extracting and installing Snort GPLv2 Community Rules...
    Installation of Snort GPLv2 Community Rules completed.
    Extracting and installing Emerging Threats Open rules...
    Installation of Emerging Threats Open rules completed.
    Copying new config and map files...
    Updating rules configuration for: WAN ...
    The Rules update has finished.  Time: 2016-05-27 10:15:13



  • I got the same problem, won't update to the latest rule.

    Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5…
    Even when there is a newer ruleset, currently 2982 for registered Snort users.



  • Guys:

    These kinds of problems are almost always caused by either connectivity issues between you and the VRT rules server or problems with your Oinkcode subscription.  I just checked, and my rules (2980 version) are updating fine.  There was a successful check this morning (May 31 at 01:30 AM EDT).  I am in the USA by the way.  My personal observation is that users in non-US locations tend to have more frequent issues with rule updates.  I have no idea why other than connectivity somewhere along the way is the culprit.  On very rare occasions the VRT rule server would go down, but that is extremely rare now as I believe they now host the rules updates on Amazon Web Services.

    You can't expect 2982 rules on a 2980 Snort installation.  Snort's binary is locked to a specific matching VRT rules package.  So you can't run 2982 rules until the Snort package on pfSense is updated to the 2982 version.

    Bill



  • Hello,

    I'm having the same problem as the previous users.  I'm in the US and have pfSense on 2.3.1-RELEASE-p5 and Snort on 3.2.9.1_13.

    Here's the log:

    Starting rules update…  Time: 2016-07-03 11:37:01
    Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
    Snort VRT rules md5 download failed.
    Server returned error code 422.
    Server error message was:
    Snort VRT rules will not be updated.
    Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
    Checking Snort OpenAppID detectors md5 file...
    There is a new set of Snort OpenAppID detectors posted.
    Downloading file 'snort-openappid.tar.gz'...
    Done downloading rules file.
    Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
    Checking Snort GPLv2 Community Rules md5 file...
    There is a new set of Snort GPLv2 Community Rules posted.
    Downloading file 'community-rules.tar.gz'...
    Done downloading rules file.
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Checking Emerging Threats Open rules md5 file...
    There is a new set of Emerging Threats Open rules posted.
    Downloading file 'emerging.rules.tar.gz'...
    Done downloading rules file.
    Extracting and installing Snort OpenAppID detectors...
    Installation of Snort OpenAppID detectors completed.
    Extracting and installing Snort GPLv2 Community Rules...
    Installation of Snort GPLv2 Community Rules completed.
    Extracting and installing Emerging Threats Open rules...
    Installation of Emerging Threats Open rules completed.
    Copying new config and map files...
    Updating rules configuration for: WAN ...
    Restarting Snort to activate the new set of rules...
    Snort has restarted with your new set of rules.
    The Rules update has finished.  Time: 2016-07-03 11:37:41

    Any suggestions?  It looks like the system is attempting to download the 2980 rules...



  • Just saw a bunch of other threads about Snort VRT rules failing.

    The answer/fix is to wait till Snort is updated…



  • Have a look at this thread (https://forum.pfsense.org/index.php?topic=112883.0) in the same sub-forum for an explanation.  Sounds like a package upgrade will be forthcoming…



  • Upgrading to 3.2.9.1_14 fixed this issue for me.  This version updates the version of Snort, so between _13 and _14 it's bigger than just a minor change.  It would be great for future changes to snort-pfsense to be visually apparent when larger changes were made (meaning don't only change the minor version).  I was looking at this for an hour and didn't realize the version of Snort changed, outside a few big fixes.  No more errors now w/ the latest pfSense and latest Snort (as of this post).
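
Added example, not part of any post in this thread: a Python parser for the rules update log quoted above that splits it into update runs and reports which rule sources failed, with the server error code and the snapshot number the package asked for, so a sensor that keeps running on stale VRT rules gets noticed. The sample log is constructed from lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the update log lines quoted in this thread.
SAMPLE_LOG = """\
Starting rules update...  Time: 2016-07-03 11:37:01
Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
Snort VRT rules md5 download failed.
Server returned error code 422.
Snort VRT rules will not be updated.
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
Installation of Snort GPLv2 Community Rules completed.
The Rules update has finished.  Time: 2016-07-03 11:37:41
"""

START = re.compile(r"^Starting rules update\S*\s+Time: (.+)$")
FAILED = re.compile(r"^(.+?) md5 download failed\.$")
ERROR = re.compile(r"^Server returned error code (\d+)\.$")
INSTALLED = re.compile(r"^Installation of (.+?) completed\.$")
SNAPSHOT = re.compile(r"snortrules-snapshot-(\d+)\.tar\.gz")

def parse_update_log(text):
    """Split the log into update runs and record each rule source's outcome."""
    runs, run, last_failed = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := START.match(line):
            run = {"started": m.group(1), "snapshot": None, "failed": {}, "installed": []}
            runs.append(run)
            last_failed = None
        elif run is None:
            continue  # ignore anything before the first run header
        elif m := SNAPSHOT.search(line):
            run["snapshot"] = m.group(1)  # snapshot number the package requested
        elif m := FAILED.match(line):
            last_failed = m.group(1)
            run["failed"][last_failed] = None  # error code may follow on the next line
        elif (m := ERROR.match(line)) and last_failed:
            run["failed"][last_failed] = int(m.group(1))
        elif m := INSTALLED.match(line):
            run["installed"].append(m.group(1))
    return runs

def stale_sources(runs):
    """Rule sources that failed in the most recent run, with the server error code."""
    return dict(runs[-1]["failed"]) if runs else {}

if __name__ == "__main__":
    for r in parse_update_log(SAMPLE_LOG):
        print(r["started"], "snapshot", r["snapshot"], "failed:", r["failed"])
```

A non-empty result from `stale_sources` across several consecutive runs, as in the logs posted here, means the other rule sets are updating while the VRT set is not.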

