Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Problems

    Scheduled Pinned Locked Moved pfSense Packages
    16 Posts 11 Posters 10.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by

      ??? Here is what it says when i try to update for 3 days now Please wait… You may only check for New Rules every 15 minutes... and this  Rules are released every month from snort.org. You may download the Rules at any time.
      What is going on and how do i fix it it was working fine ...

      1 Reply Last reply Reply Quote 0
      • J
        JustinHoMi
        last edited by

        I'm having the same problem. I just upgraded to pfsense 1.2.3, and reinstalled the latest snort package. Ever since, it just says that "Please wait… You may only check for New Rules every 15 minutes...". Even though I'm waiting hours (or days) inbetween tries. The ruleset is empty.

        1 Reply Last reply Reply Quote 0
        • G
          goulou
          last edited by

          Same story for me - I'm on 1.2.3 Snort Pkg 1.7 and all was fine prior to 2 days ago. At this point I can wait hours before attempting a rules update but get the same "please wait 15 minutes" message. Don't know but since Snort hasn't changed and at least a few users are reporting the same thing, sure sounds like something on the Snort server side has recently changed. If so wouldn't be the first time it's happened. Unlike one of the other Snort users in this thread, I do have an old(er) set of snort rules from past successful updates.

          I know James Dean has been seriously busy with work - not sure who else would be able to investigate? Too bad no way to individually select: update Emerging Threats to see if that at least pulls an update apart from the Snort rules update.

          1 Reply Last reply Reply Quote 0
          • B
            blueknigh7
            last edited by

            Actually, try using these instructions to manually update the rules.

            http://forum.pfsense.org/index.php?topic=15464.0 or

            http://doc.pfsense.org/index.php/Why_won't_snort_properly_download_rules%3F

            You'll have to use a shell but don't need to reboot at the end.  Just go to the snort page and click "save" for it to load the rules.

            I have the same issue - brand new installation of Pfsense using 2.8.4.1_5 pkg v.1.7 from the packages section.  I've tried every 3 hours today, and no go.  Let us know if someone needs logs or command output - I'm not much of a coder, but I can follow directions.  :)

            1 Reply Last reply Reply Quote 0
            • J
              JustinHoMi
              last edited by

              I looked at the code, but things have changed so much since I last messed with the snort package, that it's not going to be worth my effort to screw around with. I'm just downloading the rules manually for now.

              1 Reply Last reply Reply Quote 0
              • J
                JustinHoMi
                last edited by

                Tried updating the rules manually, and getting this error:

                snort[63763]: FATAL ERROR: Dynamic detection lib /usr/local/lib/snort/dynamicrules//lib_sfdynamic_example_rule.so 1.0 isn't compatible with the current dynamic engine library /usr/local/lib/snort/dynamicengine/libsf_engine.so 1.10. The dynamic detection lib is compiled with an older version of the dynamic engine.

                Any thoughts? I tried uninstalling/reinstalling, same thing. Might not be related.

                Edit: resolved by deleting /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so

                1 Reply Last reply Reply Quote 0
                • W
                  warzac
                  last edited by

                  I have the same probléme. the manuelly upgrade not work and snort don't work normally.
                  Anybody can help me

                  1 Reply Last reply Reply Quote 0
                  • B
                    blueknigh7
                    last edited by

                    @JustinHoMi:

                    Tried updating the rules manually, and getting this error:

                    snort[63763]: FATAL ERROR: Dynamic detection lib /usr/local/lib/snort/dynamicrules//lib_sfdynamic_example_rule.so 1.0 isn't compatible with the current dynamic engine library /usr/local/lib/snort/dynamicengine/libsf_engine.so 1.10. The dynamic detection lib is compiled with an older version of the dynamic engine.

                    Any thoughts? I tried uninstalling/reinstalling, same thing. Might not be related.

                    Edit: resolved by deleting /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so

                    I have the exact same error.  I did the same thing and renamed/deleted the file.

                    1 Reply Last reply Reply Quote 0
                    • ?
                      A Former User
                      last edited by

                      :( I tryed the manual update and does not seem to work for me .What happened with snort it worked so well for so long and the last time i stopped using Pfsense was because of this same problem .I have no idea why people have to play with things when they work perfectly .
                      Has anyone found out the problem yet .Snort still will not update and there is no errors ..

                      1 Reply Last reply Reply Quote 0
                      • D
                        davidindesignlondon.co.u
                        last edited by

                        Thanks JustinHoMi,

                        Worked perfectly! :)

                        –----------------------
                        Live with passion

                        1 Reply Last reply Reply Quote 0
                        • N
                          nufer
                          last edited by

                          I had the same problem.

                          solved by changing to basic rules in Global Configuration tab

                          1 Reply Last reply Reply Quote 0
                          • 0
                            0tt0
                            last edited by

                            @nufer:

                            I had the same problem.

                            solved by changing to basic rules in Global Configuration tab

                            Doesn't premium rules require a subscription? (And NOT just an Oinkcode=registration)

                            1 Reply Last reply Reply Quote 0
                            • L
                              LostInIgnorance
                              last edited by

                              With the premium rules, I am noticing I am not able to update them and I keep getting errors of:

                              Directory so_rules does not exist…

                              Error copying so_rules...

                              I use the basic and it updates fine.  I know snort came up with a new program two days ago.

                              1 Reply Last reply Reply Quote 0
                              • G
                                g4m3c4ck
                                last edited by

                                Lost: Broke for me too but I manually fixed it in this thread.http://forum.pfsense.org/index.php/topic,24434.15.html

                                1 Reply Last reply Reply Quote 0
                                • P
                                  pneumoboy
                                  last edited by

                                  Hello all…

                                  I am running 1.2.3 with snort 2.8.5.3 v1.22 (upgraded two days ago after the so directory error appeared).

                                  I cannot update my rules when I have the "Premium Rules" box check (despite being a snort VRT subscriber). I had to select "Basic Rules" in order to get the updates.

                                  Right now I am not sure I am getting the most recent/up-to-date rules from snort, or if I am getting the 30-day (non-subscriber) rules. I know there are different URLs for the rule snapshots depending on if you are just registered or if you are a subscriber.

                                  I see others are having this problem, but I have not seen a definite fix. Any suggestion?

                                  1 Reply Last reply Reply Quote 0
                                  • P
                                    pneumoboy
                                    last edited by

                                    Good news! Just saw an updated snort package is out. Version 2.8.5.3 pkg v. 1.23 is working with Premium Rules. Not only was I able to download all the rules, but snort started with no errors when I enabled every category (with defaults) on the WAN interface.

                                    Thanks to the pfSense team for an awesome product!

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.