Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Trouble shooting 1.2.1 RC2 Snort Pkg Rule update

    pfSense Packages
    2
    3
    1396
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gsporter last edited by

      **I am stumped.  When updating snort rules for the first time I can successfully download

      /tmp/snortRulesnwjGqN/snortrules-snapshot-CURRENT.tar

      When I check it with the MD5 hash it is a valid file.  However the auto update process seems to break
      there.

      When I check the folder /usr/local/etc/snort/rules is not being created.  I am not finding
      any error messages in pfsense's system log to indicate if it is breaking when the MD5 is
      being applied or the rules extracted.

      If I have 'auto rule update' enabled over time I end up with multiple folders
      /tmp/snortRules<random_string>/snortrules-snapshot-CURRENT.tar

      I am more familar with linux so I am a little out of my element.  It seems like I need to
      change  /usr/local/pkg/snort_check_for_rule_updates.php to reflect the snort package
      version actual in use i.e.  2.8.2.1_1 or snortrules-snapshot-2.8.tar.gz

      Any suggestions would be appreciated.

      Thanks for your attention to this matter,

      GP</random_string>**

      1 Reply Last reply Reply Quote 0
      • M
        Monoecus last edited by

        You should search the forum. There have been some more posts about this.

        1 Reply Last reply Reply Quote 0
        • G
          gsporter last edited by

          I have searched the forums several times, thank you.
          I am using the "ac-bnfa"  mode that was the solution in one post ( I have also tried "lowmem" that has worked other types of installation).

          It's weird in that my first install it worked fine.  I had to reinstall on new hardware and it stopped working.
          I have reinstalled half a dozen times with no luck.

          In another post a delay to allow for the interfaces to come up was sugguested.  I have tried turning automatic updates off to provide that delay with no luck.

          Can anyone at least provide a manual method of updating as a work around?

          Well after two days it ran successfully! I have no clue why.  Please ignore post

          1 Reply Last reply Reply Quote 0
          • First post
            Last post