Suricata - VRT rules md5 fails to download

  • I am getting Suricata set up and it's not downloading the Snort VRT rules; when I update, it fails and the logs show:

    Starting rules update…  Time: 2016-11-10 09:44:37
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Checking Emerging Threats Open rules md5 file...
    There is a new set of Emerging Threats Open rules posted.
    Downloading file 'emerging.rules.tar.gz'...
    Done downloading rules file.
    Downloading Snort VRT rules md5 file  snortrules-snapshot-2983.tar.gz.md5...
    Snort VRT rules md5 download failed.
    Server returned error code 422.
    Server error message was:
    Snort VRT rules will not be updated.

    I have tried using different snapshots but all fail at downloading md5.  I have an account (free) and correct oinkmaster code, not sure what else to try.

  • Just go into services –> snort and update it manually. Mine for some reason failed to update at the automatic set time the last few days, but updated successfully this morning.

  • Thanks for the response but I don't have snort installed, I am just using suricata… Should I install Snort as well?

  • No, you should simply try to update it manually.

  • ::) I'm having the same issue, even with a forced update.

  • @PF64:

    ::) I'm having the same issue, even with a forced update.

    I figured it out, the file name changed, probably when it rolled to snort 3.0:

    snortrules-snapshot-2982.tar.gz OLD
    snortrules-snapshot-2983.tar.gz NEW

    Update on the Global Settings tab of Suricata and you should be good to go. Mine updated just fine after I figured it out.

  • I tried 2983 before, but there was a suricata update that I installed yesterday and the snort rules snapshot downloaded… So just in case none of the suggestions work, try to update the package.
