Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Not able to download Snort Signature on Pfsense

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 4 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      ketan
      last edited by

      Hi Team,

      I am not able to download Snort Subscriber Ruleset on Pfsense.

      I am getting below error while downloading,

      We are getting below error.

      Starting rules update... Time: 2019-03-04 15:38:29
      Downloading Snort Subscriber rules md5 file snortrules-snapshot-29120.tar.gz.md5...
      Snort Subscriber rules md5 download failed.
      Server returned error code 429.
      Server error message was:
      Snort Subscriber rules will not be updated.
      Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
      Snort OpenAppID detectors md5 download failed.
      Server returned error code 429.
      Server error message was:
      Snort OpenAppID detectors will not be updated.
      Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
      Snort GPLv2 Community Rules md5 download failed.
      Server returned error code 429.
      Server error message was:
      Snort GPLv2 Community Rules will not be updated.
      Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
      Checking Emerging Threats Open rules md5 file...
      There is a new set of Emerging Threats Open rules posted.
      Downloading file 'emerging.rules.tar.gz'...
      Done downloading rules file.
      Extracting and installing Emerging Threats Open rules...
      Installation of Emerging Threats Open rules completed.
      Copying new config and map files...
      Updating rules configuration for: WAN ...
      The Rules update has finished. Time: 2019-03-04 15:38:35

      Thanks & Regards
      Ketan Kulkarni

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        @ketan said in Not able to download Snort Signature on Pfsense:

        Server returned error code 429

        https://httpstatuses.com/429
        Try a little bit later. The 'server' is overloaded.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • K
          ketan
          last edited by

          Hi Team,

          Still i am not able to download it. Now i am getting.

          tarting rules update... Time: 2019-03-04 19:16:22
          Downloading Snort Subscriber rules md5 file snortrules-snapshot-29120.tar.gz.md5...
          Snort Subscriber rules md5 download failed.
          Server returned error code 422.
          Server error message was:
          Snort Subscriber rules will not be updated.
          Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
          Checking Snort OpenAppID detectors md5 file...
          Snort OpenAppID detectors are up to date.
          Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
          Checking Snort GPLv2 Community Rules md5 file...
          Snort GPLv2 Community Rules are up to date.
          Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
          Checking Emerging Threats Open rules md5 file...
          Emerging Threats Open rules are up to date.
          The Rules update has finished. Time: 2019-03-04 19:16:22

          Starting rules update... Time: 2019-03-04 19:16:26
          Downloading Snort Subscriber rules md5 file snortrules-snapshot-29120.tar.gz.md5...
          Snort Subscriber rules md5 download failed.
          Server returned error code 422.
          Server error message was:
          Snort Subscriber rules will not be updated.
          Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
          Checking Snort OpenAppID detectors md5 file...
          There is a new set of Snort OpenAppID detectors posted.
          Downloading file 'snort-openappid.tar.gz'...
          Done downloading rules file.
          Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
          Checking Snort GPLv2 Community Rules md5 file...
          There is a new set of Snort GPLv2 Community Rules posted.
          Downloading file 'community-rules.tar.gz'...
          Done downloading rules file.
          Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
          Checking Emerging Threats Open rules md5 file...
          There is a new set of Emerging Threats Open rules posted.
          Downloading file 'emerging.rules.tar.gz'...
          Done downloading rules file.
          Extracting and installing Snort OpenAppID detectors...
          Installation of Snort OpenAppID detectors completed.
          Extracting and installing Snort GPLv2 Community Rules...
          Installation of Snort GPLv2 Community Rules completed.
          Extracting and installing Emerging Threats Open rules...
          Installation of Emerging Threats Open rules completed.
          Copying new config and map files...
          Updating rules configuration for: WAN ...
          Restarting Snort to activate the new set of rules...
          Snort has restarted with your new set of rules.
          The Rules update has finished. Time: 2019-03-04 19:16:40

          Regards
          Ketan Kulkarni

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            @ketan said in Not able to download Snort Signature on Pfsense:

            422

            Before, he was overloaded.
            Now he is about to die.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • NogBadTheBadN
              NogBadTheBad
              last edited by NogBadTheBad

              You have paid a subscription haven't you ?

              https://www.snort.org/products

              What version of snort are you running ?

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

              1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks
                last edited by bmeeks

                You must have a valid Oinkcode subscription code. You can have either a free registered code or a paid subscription code. You must obtain the code from the Snort.org web site.

                Next, if you are running any type of RAM disk configuration on your firewall, make sure you have at least 256 MB of free space in the /tmp directory (and preferably up to 512 MB free). Snort needs available free disk space to download the rules tarballs and unpack them during the update process. Running out of space on /tmp will cause all kinds of weird errors. Look at the pfSense system log to see if any errors show up there related to disk space.

                P.S. -- the only way to tell if disk space was an issue is to review the system log. When the update process finishes (either successfully or with a failure), it will clean up behind itself and delete the files and sub-directories it created in /tmp. So simply looking at the dashboard disk space widget will not reveal the problem.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.