Suricata not updating Snort Subscriber Rules



  • For some reason Suricata isn't downloading the Snort Subscriber Rules list.

    Anyone else experiencing this as well?

    (https://gyazo.com/07a166b2a3f52b94d3bb207f0f2c5083)



  • What version of the Snort Subscriber Rules are you trying to download? Suricata, unlike Snort, cannot automatically determine the "current" version of Snort rules. It will only try to download the exact tarball filename you specify on the GLOBAL SETTINGS tab. The Snort team periodically deprecates older rules versions, so if you have one of those older rules tarball filenames entered on GLOBAL SETTINGS your download will fail because the file has been removed by the Snort team.

    So either post up what you have entered for Snort rules filename on the GLOBAL SETTINGS tab, or go visit https://www.snort.org and see if the filename you have configured is still actually available for download.

    You may also want to review this Sticky Post for tips on using Snort Subscriber Rules with Suricata.



  • @bmeeks

    Thank you for the response. I didn't have the proper tarball file name set, but after doing so everything is working great.

    Also the sticky you provided was a good read.

    Thanks

