Snort won't download rules (yes I have an Oinkcode…)



  • Pardon the newbie question.

    I just installed pfSense in a VMware ESXi VM and have it successfully configured as a basic NAT and firewall. I added the standard release Snort package (not dev), let it install, and followed the config pages as described in the FAQ.  I added my oinkcode, and so forth, but when I go to the Update Rules tab, I see it downloading some stuff and then it briefly flashes some sort of download error, and then there are no rules.  Of course it will only let me retry every 15 minutes.

    Some basic troubleshooting steps would be great appreciated.

    Thanks-



  • I have not used the Snort package yet, but login to your pfSense box, get a shell, and go to /var/log.  The error message may be in one of the log messages in this folder.  This should get you started in the right direction…



  • I had the same issue today.  I went to their homepage and it was down, so I take it they were having problems.

    I've personally had problems getting  updates periodically, and if I wait a day or so it seems to work.  I thought it was just my setup, but then I setup another box, and it's a new build with a different subscription and it get's periodic problems also.  So I'm leaning to problems with snort.org.  Not often, but once in a while.  TODAY for sure.



  • You're right, the problem was at snort.org's end.  Tried again this morning and I'm up and running.



  • Me too.

    I can manualy download the files but snort seems to give up. I dont mind putting them in myself but where do I do them and do I simply put the tar type file there or do I have to uncompress them.

    I only installed snort today but not one catagory and rule appears….

    Ideas?



  • @secs:

    Me too.

    I can manualy download the files but snort seems to give up. I dont mind putting them in myself but where do I do them and do I simply put the tar type file there or do I have to uncompress them.

    I only installed snort today but not one catagory and rule appears….

    Ideas?

    This issue is also being discussed in another thread also on this board and I gave a solution there too.

    Instructions for manual rule instructions can be found at:
    http://forum.pfsense.org/index.php?topic=15464.0 or

    http://doc.pfsense.org/index.php/Why_won't_snort_properly_download_rules%3F

    Basically, you extract the files, and then places the rules in the snort rules folder.


Log in to reply