Trouble shooting 1.2.1 RC2 Snort Pkg Rule update
-
**I am stumped. When updating snort rules for the first time I can successfully download
/tmp/snortRulesnwjGqN/snortrules-snapshot-CURRENT.tar
When I check it with the MD5 hash it is a valid file. However the auto update process seems to break
there.When I check the folder /usr/local/etc/snort/rules is not being created. I am not finding
any error messages in pfsense's system log to indicate if it is breaking when the MD5 is
being applied or the rules extracted.If I have 'auto rule update' enabled over time I end up with multiple folders
/tmp/snortRules<random_string>/snortrules-snapshot-CURRENT.tarI am more familar with linux so I am a little out of my element. It seems like I need to
change /usr/local/pkg/snort_check_for_rule_updates.php to reflect the snort package
version actual in use i.e. 2.8.2.1_1 or snortrules-snapshot-2.8.tar.gzAny suggestions would be appreciated.
Thanks for your attention to this matter,
GP</random_string>**
-
You should search the forum. There have been some more posts about this.
-
I have searched the forums several times, thank you.
I am using the "ac-bnfa" mode that was the solution in one post ( I have also tried "lowmem" that has worked other types of installation).It's weird in that my first install it worked fine. I had to reinstall on new hardware and it stopped working.
I have reinstalled half a dozen times with no luck.In another post a delay to allow for the interfaces to come up was sugguested. I have tried turning automatic updates off to provide that delay with no luck.
Can anyone at least provide a manual method of updating as a work around?
Well after two days it ran successfully! I have no clue why. Please ignore post