Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort is trying to install an invalid VRT file

    IDS/IPS
    4
    4
    904
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      YeahBaby
      last edited by

      Snort is failing to install the VRT rules. It is requesting file snortrules-snapshot-2980.tar.gz.md5 while there is no ". . . 2980 . . .", it's . . . 2982 . . .

      See log below

      ===================

      Starting rules update…  Time: 2016-07-03 17:16:54
      Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5…
      Snort VRT rules md5 download failed.
      Server returned error code 422.
      Server error message was:
      Snort VRT rules will not be updated.
      Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
      Checking Snort OpenAppID detectors md5 file...
      Snort OpenAppID detectors are up to date.
      Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
      Checking Snort GPLv2 Community Rules md5 file...
      Snort GPLv2 Community Rules are up to date.
      Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
      Checking Emerging Threats Open rules md5 file...
      Emerging Threats Open rules are up to date.
      The Rules update has finished.  Time: 2016-07-03 17:16:57

      ==================

      where is this URL set? The Oinkcode worked just fine elsewhere, it looks to be the request is the issue.

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • T
        Tzvia
        last edited by

        Same  here.  Have only had pfSense installed for a few weeks in a VM as a test and noticed this today:

        –----
        Starting rules update...  Time: 2016-07-03 20:00:30
        Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
        Snort VRT rules md5 download failed.
        Server returned error code 422.
        Server error message was:
        Snort VRT rules will not be updated.

        Been failing since 7/1.

        Tzvia

        Current build:
        Hunsn/CWWK Pentium Gold 8505, 6x i226v 'micro firewall'
        16 gigs ram
        500gig WD Blue nvme
        Using modded BIOS (enabled CSTATES)
        PFSense 2.72-RELEASE
        Enabled Intel SpeedShift
        Snort
        PFBlockerNG
        LAN and 5 VLANS

        1 Reply Last reply Reply Quote 0
        • L
          lololo
          last edited by

          Same for me !
          :(
          snort 3.2.9.1_13 / snort-2.9.8.0_1

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by

            This will be fixed soon.  An updated package pull request has been posted and is waiting to be merged into the RELEASE pfSense package repository.  The updated package is already in the DEVEL tree.

            The July 4 holiday weekend here in the United States has slowed things down a little bit.  It was ultimately my mistake for letting the EOL date of the Snort VRT rules sneak up on me.  I was not timely in getting the 2.9.8.3 update for the Snort binary out there.  The rules for the 2.9.8.0 version that is currently in pfSense RELEASE went EOL on July 1.

            Bill

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.