Suricata upgrading not completing



  • Can't get the Suricata package to complete an upgrade. Stops at the snort rules load. I have a subscription and oinkcode.

    Jul 31 10:57:55 php [Suricata] There is a new set of Snort rules posted. Downloading snortrules-snapshot-29111.tar.gz...
    Jul 31 10:57:54 php [Suricata] Emerging Threats Open rules file update downloaded successfully.
    Jul 31 10:57:50 php [Suricata] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
    Jul 31 10:57:49 php [Suricata] Downloading and updating configured rule types.
    Jul 31 10:57:49 php [Suricata] Configuration version is current.
    Jul 31 10:57:49 php [Suricata] Checking configuration settings version...
    Jul 31 10:57:49 php [Suricata] Saved settings detected... rebuilding installation with saved settings.
    Jul 31 10:57:49 check_reload_status Syncing firewall
    Jul 31 10:57:49 php [Suricata] GeoLite2-Country database update check finished.
    Jul 31 10:57:49 php [Suricata] Copying new database to /usr/local/share/suricata/GeoLite2/GeoLite2-Country.mmdb...
    Jul 31 10:57:49 php [Suricata] Unzipping new GeoLit2-Country database archive...
    Jul 31 10:57:49 php [Suricata] New GeoLite2-Country IP database gzip archive successfully downloaded.
    Jul 31 10:57:44 php [Suricata] Checking for updated MaxMind GeoLite2 IP database file...
    Jul 31 10:57:44 php [Suricata] Installing free GeoLite2 country IP database file in /usr/local/share/suricata/GeoLite2/...
    Jul 31 10:57:44 check_reload_status Syncing firewall
    Jul 31 10:57:44 php /etc/rc.packages: Beginning package installation for suricata .
    Jul 31 10:57:43 php [Suricata] Clearing all Suricata-related log files...
    Jul 31 10:57:43 check_reload_status Syncing firewall
    Jul 31 10:57:43 check_reload_status Syncing firewall
    Jul 31 10:57:40 php [Suricata] Suricata package uninstall in progress...



  • Are you sure you have connectivity to the AWS infrastructure where the Snort rules are hosted? Are you running any other package such as pfBlockerNG with DNSBL? Sometimes in the past the IP space where the Snort rules are hosted has wound up on somebody's "bad IP space" list.

    How long have you waited for the download to complete? Depending on your Internet connectivity and how busy the pathway is between you and the site, it could take several minutes for the rules to download.

    Finally, are you using a RAM Disk? If so, you need at least 256 MB of free space in /tmp for rules downloads to succeed.
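
Two of the checks raised in the reply above (free space in /tmp, and whether the Snort download ever finished), as an added example that is not part of the thread and is not pfSense or Suricata package code. The function names are hypothetical, and the wording of the Snort completion line is an assumption modeled on the Emerging Threats line in the posted log.

```sh
#!/bin/sh
# Added example: local checks for a stalled Suricata rules download.

# Log lines copied from the first post (newest first, as posted).
SAMPLE_LOG='Jul 31 10:57:55 php [Suricata] There is a new set of Snort rules posted. Downloading snortrules-snapshot-29111.tar.gz...
Jul 31 10:57:54 php [Suricata] Emerging Threats Open rules file update downloaded successfully.
Jul 31 10:57:50 php [Suricata] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
Jul 31 10:57:49 php [Suricata] Downloading and updating configured rule types.'

# Free space of the filesystem holding DIR, in whole MB.
tmp_free_mb() {
    df -Pk "${1:-/tmp}" | awk 'NR == 2 { print int($4 / 1024) }'
}

# enough_space FREE_MB [MIN_MB]: true when at least MIN_MB (default 256) is free.
enough_space() {
    [ "$1" -ge "${2:-256}" ]
}

# Read log text on stdin; print every rule set whose download was announced
# but never reported as finished. Order of the lines does not matter.
# Assumption: every rule set logs "<name> rules file update downloaded
# successfully", as the Emerging Threats line does.
stalled_downloads() {
    awk '
    /There is a new set of .* rules posted\. Downloading / {
        name = $0; file = $0
        sub(/.*There is a new set of /, "", name)
        sub(/ rules posted\..*/, "", name)
        sub(/.*Downloading /, "", file)
        sub(/\.\.\.$/, "", file)
        started[name] = file
    }
    / rules file update downloaded successfully/ {
        name = $0
        sub(/.*\[Suricata\] /, "", name)
        sub(/ rules file update downloaded successfully.*/, "", name)
        finished[name] = 1
    }
    END { for (n in started) if (!(n in finished)) print n ": " started[n] }'
}

diagnose() {
    free=$(tmp_free_mb /tmp)
    if enough_space "$free"; then echo "/tmp: ${free} MB free"
    else echo "/tmp: ${free} MB free, less than the 256 MB needed"; fi
    printf '%s\n' "$SAMPLE_LOG" | stalled_downloads | sed 's/^/no completion logged: /'
}
diagnose
```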

