Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort OpenAppID RULES Detectors fail to download

    IDS/IPS
    8
    14
    1864
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bertobass last edited by

      Snort OpenAppID RULES Detectors always fails to download updates….

      log shows:
      Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
      Downloaded Snort OpenAppID RULES detectors file MD5:

      tried forced update... still not updated

      please help anyone..thank you in advance.

      1 Reply Last reply Reply Quote 0
      • ivor
        ivor last edited by

        I have tried it just now and rules download without issues. What does your log say?

        Need help fast? Our support is available 24/7 https://www.netgate.com/support/

        1 Reply Last reply Reply Quote 0
        • B
          bertobass last edited by

          log shows:
          Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
          Downloaded Snort OpenAppID RULES detectors file MD5:

          1 Reply Last reply Reply Quote 0
          • ivor
            ivor last edited by

            This is fixed by now. Can you try updating the rules?

            Need help fast? Our support is available 24/7 https://www.netgate.com/support/

            1 Reply Last reply Reply Quote 0
            • M
              mrhotflamin last edited by

              Seems like this is still an issue. Seeing the same error.

              1 Reply Last reply Reply Quote 0
              • J
                Johnno last edited by

                I concur, this is still an issue unfortunately.
                Would appreciate some tips or solutions.

                snort 3.2.9.5_3 on PfSense 2.3.4-Release

                Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
                Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
                Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
                Snort OpenAppID RULES detectors file download failed.

                1 Reply Last reply Reply Quote 0
                • S
                  Snailkhan last edited by

                  Me also facing same issue.
                  I have enough space in /temp and vart( 300mb)

                  1 Reply Last reply Reply Quote 0
                  • bmeeks
                    bmeeks last edited by

                    @Wroxc:

                    Me also facing same issue.
                    I have enough space in /temp and vart( 300mb)

                    OpenAppID detector rules is a different problem.  The pfSense team started hosting these volunteer-maintained rules on their site, but there have been some recurring issues with the MD5 checksum not being recalculated correctly when the rules are updated.  Hopefully one of the pfSense folks will see this thread, or you can try contacting them directly.

                    Bill

                    1 Reply Last reply Reply Quote 0
                    • MikeV7896
                      MikeV7896 last edited by

                      It might have everything to do with the timing of downloading your updates for Snort. I installed Snort not quite a month ago and have been downloading the OpenAppID Rules without any problems to date. I have my Snort updates run at 4:05a Eastern (GMT-5), with one update per day.

                      The S in IOT stands for Security

                      1 Reply Last reply Reply Quote 0
                      • B
                        bimmerdriver last edited by

                        I have two pfsense systems with this rule set installed. On one of the systems, the rules are fine. I can force update and they update properly. On the other system, which is connected to the same edge router, the date of the rule set is december 8th, 2017 and it will not update. I've tried force update a few times and it made no difference. Any suggestions?

                        1 Reply Last reply Reply Quote 0
                        • B
                          bimmerdriver last edited by

                          Further to the previous post, in one of my systems, OpenAppID RULES Detectors updated on its own this morning. The other system is still stuck at December 8th, 2017, reporting the same MD5 error as above. Is there a fix for this?

                          1 Reply Last reply Reply Quote 0
                          • B
                            bimmerdriver last edited by

                            The system that is having the MD5 errors is running version 2.4.2. The system that is working properly is running the latest 2.4.3 snapshot. Is it possible a difference between the respective snort packages is the reason for the difference?

                            1 Reply Last reply Reply Quote 0
                            • bmeeks
                              bmeeks last edited by

                              @bimmerdriver:

                              The system that is having the MD5 errors is running version 2.4.2. The system that is working properly is running the latest 2.4.3 snapshot. Is it possible a difference between the respective snort packages is the reason for the difference?

                              There was an update to the Snort GUI a month or two back that updated the URL used for downloading the OpenAppID rules package.  Perhaps your older version is trying the older URL?

                              The current Snort GUI package version is 3.2.9.6.

                              Bill

                              1 Reply Last reply Reply Quote 0
                              • B
                                bimmerdriver last edited by

                                @bmeeks:

                                @bimmerdriver:

                                The system that is having the MD5 errors is running version 2.4.2. The system that is working properly is running the latest 2.4.3 snapshot. Is it possible a difference between the respective snort packages is the reason for the difference?

                                There was an update to the Snort GUI a month or two back that updated the URL used for downloading the OpenAppID rules package.  Perhaps your older version is trying the older URL?

                                The current Snort GUI package version is 3.2.9.6.

                                Bill

                                I updated the package and the problem is fixed. Thank you very much.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post