Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort not updating today

    Scheduled Pinned Locked Moved IDS/IPS
    6 Posts 4 Posters 675 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      Waqar.UK
      last edited by Waqar.UK

      Anyone else seeing that Snort is not updating today?
      I tried "force update" as well. All my packages are up to date.
      If I goto
      system advanced -> miscellaneous -> then see
      "RAM Disk Settings (Reboot to Apply Changes)".

      Screen grabs are proof 2.png 1.png of what I am talking about.

      I have 8 GB RAM with a 15-5250U Qotom mini PC as a firewall.

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        RAM disks are a VERY bad idea for Snort and Suricata because the disk can run out of space during updates. Snort and Suricata cleanup after themselves when an update completes (whether it succeeds or fails), so when you go and look at the pfSense Dashboard you won't see the RAM disk out of space.

        To see if that is the problem, examine the pfSense system log and look for any errors there about disk space.

        There was also apparently a temporary issue with some of the SSL certs used on some pfSense URLs. If you are using the OpenAppID text rules, that very well could be the problem. That download failed due to the expired SSL cert on the pfSense host where those files reside. You can examine the Update Log on the UPDATES tab to verify. If the SSL cert expiration is your problem, it will resolve itself when the SSL cert is updated on the server. There is nothing you can do from your end.

        GertjanG 1 Reply Last reply Reply Quote 0
        • NogBadTheBadN
          NogBadTheBad
          last edited by

          Mine didn't update either, it was a cert issue the far end.

          All working fine now.

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @bmeeks
            last edited by

            There was also apparently a temporary issue with some of the SSL certs used on some pfSense....

            See https://forum.netgate.com/topic/158413/snort-appid-open-text-rules-failed-to-update-expired-ssl-certificate-on-files-pfsense-org/2?_=1605624472029

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • W
              Waqar.UK
              last edited by

              Thanks I will wait for the certificate to propagate. Also I will not use RAM disks.

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @Waqar.UK
                last edited by

                @Waqar-UK said in Snort not updating today:

                Thanks I will wait for the certificate to propagate

                Certs, https or whatever TLS is, is never cached.
                Because you can't cache it .... the cache-in-the-middle can't find info like a time stamp or a (image) file : its all encrypted - just a binary stream.
                The next time you visit the server it will include the new cert, the browser won't yell and all will be fine again.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.