Suricata ETOpen rule update fails while Snort updates without a problem.



  • Hi All,

    I'm having a small issue with Suricata and its update of the ETOpen rule set. Suricata is running on the WAN and Snort on the internal interfaces. Snort is not having any issues and updates correctly.

    This is the log snippet:
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5…
    Emerging Threats Open rules md5 download failed.
    Server returned error code 404.
    Server error message was: 404 Not Found
    Emerging Threats Open rules will not be updated.

    All of the other rules (VRT, etc.) update without an issue.

    DNS seems to be working and I can resolve and directory browse the rules.emergingthreats.net service.

    Currently running pf 2.4.1 and Suricata 4.0.0_2



  • This would indicate that the MD5 file is missing from the ET Open web site.  If so, that's not the first time this happened.  Give it some time for them to notice the missing MD5 file and it will sort itself out when they post the right file in the right place.

    It's not a problem with the package on pfSense.  It's a missing file on the ET Open web site.

    EDIT:  Just checked my firewall and it updated the ET Open rules successfully at 1:30 PM US Eastern Time today.

    Bill



  • Hi Bill,

    How right you were. Just updated without a problem.
    Thank you very much for taking the time to get back to me.

    Kind regards
    John