FYI -- If you experience issues updating rules with latest Snort and Suricata updates, read this!


  • The majority of users will likely be fine. But if you happen to experience issues updating your Snort or Suricata rules upon installing the package updates posted today (Snort-3.2.9.10_3, Suricata-5.0.2_1 or Suricata4-4.1.7_2), then read on.

    There was a bug in the code that chooses a random minutes value for the update time. If the random minutes value was less than 10, the code would not properly pad the resulting string so that it was always two digits. In other words, it would fail to change "9" to "09". If the random number chosen was greater than 10, then no problem occurred.

    If you are impacted by this bug, it will likely show up as an error either on the GLOBAL SETTINGS tab when viewing the value or maybe the rules update cron task might throw an error.

    If either of these occur, the fix is simple. Go to the GLOBAL SETTINGS tab and scroll down to the Rules Update Start Time field. Make sure that both the hours and minutes values are two digits each padded with zeroes if required. Save the change. A fix for this is posted for review and merge and will show up in the next package updates for all the IDS/IPS packages.