Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Suricata - VTR rules md5 fails to download

    IDS/IPS
    4
    7
    1213
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      flowjo-mike last edited by

      I am getting suricata setup and it's not downloading the Snort VTR rules, when i update it fails and the logs show:

      Starting rules update…  Time: 2016-11-10 09:44:37
      Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
      Checking Emerging Threats Open rules md5 file...
      There is a new set of Emerging Threats Open rules posted.
      Downloading file 'emerging.rules.tar.gz'...
      Done downloading rules file.
      Downloading Snort VRT rules md5 file  snortrules-snapshot-2983.tar.gz.md5...
      Snort VRT rules md5 download failed.
      Server returned error code 422.
      Server error message was:
      Snort VRT rules will not be updated.

      I have tried using different snapshots but all fail at downloading md5.  I have an account (free) and correct oinkmaster code, not sure what else to try.

      1 Reply Last reply Reply Quote 0
      • U
        u3c307 last edited by

        Just go into services –> snort and update it manually. Mine for some reason failed automatic set time to update the last few days, but update successfully this morning.

        1 Reply Last reply Reply Quote 0
        • F
          flowjo-mike last edited by

          Thanks for the response but I don't have snort installed, I am just using suricata… Should I install Snort as well?

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned last edited by

            No, you should simply try to update it manually.

            1 Reply Last reply Reply Quote 0
            • P
              PF64 last edited by

              ::) I'm having the same issue, even with a forced update.

              1 Reply Last reply Reply Quote 0
              • P
                PF64 last edited by

                @PF64:

                ::) I'm having the same issue, even with a forced update.

                I figured it out, the file name changed, probably when it rolled to snort 3.0:

                snortrules-snapshot-2982.tar.gz OLD
                snortrules-snapshot-2983.tar.gz NEW

                Update on the Global Settings tab of Suricata and you should be good to go. Mine updated just fine after I figured it out.

                1 Reply Last reply Reply Quote 0
                • F
                  flowjo-mike last edited by

                  I tried 2983 before, but there was a suricata update that I installed yesterday and the snort rules snapshot downloaded… So just in case none of the suggestions work, try to update the package.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post