Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FYI -- If you experience issues updating rules with latest Snort and Suricata updates, read this!

    Scheduled Pinned Locked Moved IDS/IPS
    1 Posts 1 Posters 259 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bmeeksB
      bmeeks
      last edited by bmeeks

      The majority of users will likely be fine. But if you happen to experience issues updating your Snort or Suricata rules upon installing the package updates posted today (Snort-3.2.9.10_3, Suricata-5.0.2_1 or Suricata4-4.1.7_2), then read on.

      There was a bug in the code that chooses a random minutes value for the update time. If the random minutes value was less than 10, the code would not properly pad the resulting string so that it was always two digits. In other words, it would fail to change "9" to "09". If the random number chosen was greater than 10, then no problem occurred.

      If you are impacted by this bug, it will likely show up as an error either on the GLOBAL SETTINGS tab when viewing the value or maybe the rules update cron task might throw an error.

      If either of these occur, the fix is simple. Go to the GLOBAL SETTINGS tab and scroll down to the Rules Update Start Time field. Make sure that both the hours and minutes values are two digits each padded with zeroes if required. Save the change. A fix for this is posted for review and merge and will show up in the next package updates for all the IDS/IPS packages.

      1 Reply Last reply Reply Quote 1
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.