Troubleshooting 1.2.1 RC2 Snort Pkg Rule update



  • **I am stumped.  When updating snort rules for the first time I can successfully download

    /tmp/snortRulesnwjGqN/snortrules-snapshot-CURRENT.tar

    When I check it with the MD5 hash it is a valid file.  However the auto update process seems to break
    there.

    When I check, the folder /usr/local/etc/snort/rules is not being created.  I am not finding
    any error messages in pfSense's system log to indicate if it is breaking when the MD5 is
    being applied or the rules extracted.

    If I have 'auto rule update' enabled over time I end up with multiple folders
    /tmp/snortRules<random_string>/snortrules-snapshot-CURRENT.tar

    I am more familiar with Linux so I am a little out of my element.  It seems like I need to
    change  /usr/local/pkg/snort_check_for_rule_updates.php to reflect the snort package
    version actually in use, i.e.  2.8.2.1_1 or snortrules-snapshot-2.8.tar.gz

    Any suggestions would be appreciated.

    Thanks for your attention to this matter,

    GP**



  • You should search the forum. There have been some more posts about this.



  • I have searched the forums several times, thank you.
    I am using the "ac-bnfa" mode that was the solution in one post (I have also tried "lowmem", which has worked on other types of installation).

    It's weird in that on my first install it worked fine.  I had to reinstall on new hardware and it stopped working.
    I have reinstalled half a dozen times with no luck.

    In another post a delay to allow for the interfaces to come up was suggested.  I have tried turning automatic updates off to provide that delay with no luck.

    Can anyone at least provide a manual method of updating as a workaround?

    Well, after two days it ran successfully! I have no clue why.  Please ignore this post.

