Suricata - VTR rules md5 fails to download
-
I am getting suricata setup and it's not downloading the Snort VTR rules, when i update it fails and the logs show:
Starting rules update… Time: 2016-11-10 09:44:37
Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
Checking Emerging Threats Open rules md5 file...
There is a new set of Emerging Threats Open rules posted.
Downloading file 'emerging.rules.tar.gz'...
Done downloading rules file.
Downloading Snort VRT rules md5 file snortrules-snapshot-2983.tar.gz.md5...
Snort VRT rules md5 download failed.
Server returned error code 422.
Server error message was:
Snort VRT rules will not be updated.I have tried using different snapshots but all fail at downloading md5. I have an account (free) and correct oinkmaster code, not sure what else to try.
-
Just go into services –> snort and update it manually. Mine for some reason failed automatic set time to update the last few days, but update successfully this morning.
-
Thanks for the response but I don't have snort installed, I am just using suricata… Should I install Snort as well?
-
No, you should simply try to update it manually.
-
::) I'm having the same issue, even with a forced update.
-
::) I'm having the same issue, even with a forced update.
I figured it out, the file name changed, probably when it rolled to snort 3.0:
snortrules-snapshot-2982.tar.gz OLD
snortrules-snapshot-2983.tar.gz NEWUpdate on the Global Settings tab of Suricata and you should be good to go. Mine updated just fine after I figured it out.
-
I tried 2983 before, but there was a suricata update that I installed yesterday and the snort rules snapshot downloaded… So just in case none of the suggestions work, try to update the package.