Netgate Discussion Forum

Snort Updating problems !!!

  • ?
    A Former User
    last edited by Jul 2, 2010, 12:25 AM Jul 1, 2010, 11:49 PM

    I have watched you insult users time and time again. I understand you're frustrated but that is no excuse to insult users.

    James

    removed

    • J
      jamesdean
      last edited by Jul 2, 2010, 12:58 AM

      Taking longer than expected, seems they moved the files to https server.
      Have to figure out a way to do this.

      hxxps://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId

      Please be patient

      James

      • X
        XIII
        last edited by Jul 2, 2010, 1:04 AM Jul 2, 2010, 1:01 AM

        Thanks for the update jamesdean, Take your time, no rush

        cdx304, which "other" firewall do you keep referring to?
        Also, maybe the snort maintainer for that product fixed the problem before you even noticed there was one, or shortly thereafter. Who knows, it may be their job. Like I said before, most package maintainers donate their time; they have other lives and jobs. Don't like that it's not working, and don't want to wait? Fix it yourself. It's not hard to do or to learn how to do, it just takes time and patience. That's the beauty of open source.

        -Chris Stutzman
        Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
        Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
        freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
        Check out the pfSense Wiki

        • C
          chowtamah
          last edited by Jul 2, 2010, 6:18 AM

          I praise the James for his way of participating in this discussion.

          He is my Hero ::). Well done James.

          2.0.2-RELEASE (amd64)  &  2.2.2-RELEASE (amd64)

          Always trying to learn!!

          • D
            darklogic
            last edited by Jul 2, 2010, 3:59 PM

            Same issue. As always, thanks James. I was looking at Snort's website and they indicate under their VRT to change your oinkmaster.conf

            Oinkcode
            Downloading with your Oinkcode
            Important Note

            We are changing the way we publish rules. In June 2010 we stopped offering rules in the "snortrules-snapshot-CURRENT" format. Instead, rules are released for specific versions of Snort. You will be responsible for downloading the correct rules release for your version of Snort. The new versioning mechanism will require a four digit version in the file name. For the Subscriber and Registered releases of Snort 2.8.6.0 and Snort 2.8.5.3, the download links would look as follows:

            Configuring Oinkmaster
            In order to use Oinkmaster to update Snort with VRT rules you must edit oinkmaster.conf.

            In the oinkmaster.conf modify "url" to:

            url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/<filename>

            • D
              darklogic
              last edited by Jul 2, 2010, 3:59 PM

              I hope my last post helps.

              • J
                jamesdean
                last edited by Jul 2, 2010, 4:36 PM Jul 2, 2010, 4:26 PM

                I wish it was as easy as pointing to a url.

                url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/<filename>

                The file you get from that url you posted redirects to a https server.

                Users on the snort.org mail-lists are having trouble with that redirect.
                Suggested fix is to install a perl mod that understands https.
                I am trying to avoid using Oinkmaster perl script.

                I'm trying to do this in pure php script.

                While I am here, might as well rewrite the whole "update tab" to include snort GUI updates too.
                I've been wanting to do this for a long time, I guess this is a good thing for us.

                James

                @darklogic:

                Same issue. As always, thanks James. I was looking at Snort's website and they indicate under their VRT to change your oinkmaster.conf

                Oinkcode
                Downloading with your Oinkcode
                Important Note

                We are changing the way we publish rules. In June 2010 we stopped offering rules in the "snortrules-snapshot-CURRENT" format. Instead, rules are released for specific versions of Snort. You will be responsible for downloading the correct rules release for your version of Snort. The new versioning mechanism will require a four digit version in the file name. For the Subscriber and Registered releases of Snort 2.8.6.0 and Snort 2.8.5.3, the download links would look as follows:

                Configuring Oinkmaster
                In order to use Oinkmaster to update Snort with VRT rules you must edit oinkmaster.conf.

                In the oinkmaster.conf modify "url" to:

                url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/<filename>

                • D
                  DigitalJer
                  last edited by Jul 2, 2010, 4:58 PM

                  Thanks JamesDean.

                  I appreciate your class-act approach!

                  –------------------------------------------------
                  2.4.3-RELEASE (amd64)
                  built on Mon Mar 26 18:02:04 CDT 2018
                  FreeBSD 11.1-RELEASE-p7
                  VM in ESXi 5.5
                  1 x 1000baseTX (WAN)
                  1 x 1000baseTX (LAN)

                  • D
                    darklogic
                    last edited by Jul 2, 2010, 7:08 PM

                    Same here, I appreciate everything as well. 8)

                    • R
                      Rune
                      last edited by Jul 3, 2010, 7:02 AM

                      I figured I'd post this here in case people want to update their definitions manually. I used this post but updated the instructions to the current version.
                      http://forum.pfsense.org/index.php/topic,15464.msg81197.html#msg81197

                      1- Download the rules manually by logging to the shell and type this
                      fetch http://www.snort.org/pub-bin/oinkmaster.cgi/Oinkcode/snortrules-snapshot-2860.tar.gz
                      2 - Make temp directory and copy rules
                      mkdir /tmp/temp
                      cp snortrules-snapshot-2860.tar.gz /tmp/temp
                      3- extract the file with this command
                      tar -zxvf /tmp/temp/snortrules-snapshot-2860.tar.gz
                      4- Find interface name - it will be in a snort_#_interface format
                      ls /usr/local/etc/snort/
                      5- copy rules to rules directory
                      cp tmp/temp/rules/. /usr/local/etc/snort/interfacename/rules
                      6- Remove temp directory
                      rm -r /tmp/temp
                      7 - Restart Snort. This did it for me on a clean install.

                      Hope this helps someone out.

                      • S
                        simby
                        last edited by Jul 3, 2010, 8:15 AM

                        James, can you add options to manually update snort packet? :)

                        • ?
                          A Former User
                          last edited by Jul 4, 2010, 12:43 AM

                          Has the package been fixed? I had to do a reinstall because of a faulty hard drive. I see in the package list the snort package has the same number?

                          • ?
                            A Former User
                            last edited by Jul 4, 2010, 8:27 PM

                            @Rune:

                            I figured I'd post this here in case people want to update their definitions manually. I used this post but updated the instructions to the current version.
                            http://forum.pfsense.org/index.php/topic,15464.msg81197.html#msg81197

                            1- Download the rules manually by logging to the shell and type this
                            fetch http://www.snort.org/pub-bin/oinkmaster.cgi/Oinkcode/snortrules-snapshot-2860.tar.gz
                            2 - Make temp directory and copy rules
                            mkdir /tmp/temp
                            cp snortrules-snapshot-2860.tar.gz /tmp/temp
                            3- extract the file with this command
                            tar -zxvf /tmp/temp/snortrules-snapshot-2860.tar.gz
                            4- Find interface name - it will be in a snort_#_interface format
                            ls /usr/local/etc/snort/
                            5- copy rules to rules directory
                            cp tmp/temp/rules/. /usr/local/etc/snort/interfacename/rules
                            6- Remove temp directory
                            rm -r /tmp/temp
                            7 - Restart Snort. This did it for me on a clean install.

                            Hope this helps someone out.

                            I tried the copy command and it does not work for me. Everything else worked.

                            thanks for the help

                            • L
                              LostInIgnorance
                              last edited by Jul 5, 2010, 5:25 AM Jul 5, 2010, 5:04 AM

                              @cdx304:

                              @Rune:

                              I figured I'd post this here in case people want to update their definitions manually. I used this post but updated the instructions to the current version.
                              http://forum.pfsense.org/index.php/topic,15464.msg81197.html#msg81197

                              1- Download the rules manually by logging to the shell and type this
                              fetch http://www.snort.org/pub-bin/oinkmaster.cgi/Oinkcode/snortrules-snapshot-2860.tar.gz
                              2 - Make temp directory and copy rules
                              mkdir /tmp/temp
                              cp snortrules-snapshot-2860.tar.gz /tmp/temp
                              3- extract the file with this command
                              tar -zxvf /tmp/temp/snortrules-snapshot-2860.tar.gz
                              4- Find interface name - it will be in a snort_#_interface format
                              ls /usr/local/etc/snort/
                              5- copy rules to rules directory
                              cp tmp/temp/rules/. /usr/local/etc/snort/interfacename/rules
                              6- Remove temp directory
                              rm -r /tmp/temp
                              7 - Restart Snort. This did it for me on a clean install.

                              Hope this helps someone out.

                              I tried the copy command and it does not work for me. Everything else worked.

                              thanks for the help

                              I ended up having to use this line instead to copy the files.  Worked for me, but only an expert can tell me if I actually did it correctly. Still kinda new to all of this. ;)

                              cp rules/. /usr/local/etc/snort/interfacename/rules

                              Thanks again JamesDean for everything!! :D

                              • R
                                Rune
                                last edited by Jul 6, 2010, 6:27 AM

                                Yeah. You did it correctly. I was just looking back at what I had posted and realized I had put the wrong thing. Sorry. It was late when I posted this.

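The manual update steps above, as an added example that is not part of any poster's message: `tar` without `-C` extracts into the current directory, which is why the copy only worked from the relative `rules/.` path. This sketch goes a little further than the thread by checking archive member names before extraction and using `mktemp -d` instead of a fixed `/tmp/temp`; the function names are hypothetical, and the download step is left out because it needs your Oinkcode.

```shell
#!/bin/sh
# Added example: safer variant of the manual rule install discussed in this thread.
# Function names are hypothetical; the rules/ layout inside the archive and the
# per-interface rules directory are taken from the posts above.

# Read a `tar -tzf` listing on stdin. Succeeds only if every member name is a
# relative path without a ".." component, so extraction stays in the work dir.
listing_is_safe() {
    while IFS= read -r member; do
        case "$member" in
            /*|..|../*|*/..|*/../*) return 1 ;;
        esac
    done
    return 0
}

# install_rules ARCHIVE DEST_RULES_DIR
# Returns 0 on success, 2 unreadable archive, 3 unsafe member name,
# 4 archive has no rules/ directory.
install_rules() {
    archive=$1
    dest=$2

    # List first, extract later: a truncated or HTML "redirect" download fails here.
    listing=$(tar -tzf "$archive" 2>/dev/null) || return 2
    printf '%s\n' "$listing" | listing_is_safe || return 3

    # Unpredictable, owner-only work directory instead of a fixed /tmp/temp.
    work=$(mktemp -d "${TMPDIR:-/tmp}/snortrules.XXXXXX") || return 2

    # -C puts the files in the work dir regardless of the current directory.
    tar -xzf "$archive" -C "$work" || { rm -rf "$work"; return 2; }
    if [ ! -d "$work/rules" ]; then
        rm -rf "$work"
        return 4
    fi

    mkdir -p "$dest"
    rc=0
    # Copy the contents of the extracted rules/ directory into the destination.
    cp -R "$work/rules/." "$dest"/ || rc=$?
    rm -rf "$work"
    return $rc
}
```

Call it as `install_rules snortrules-snapshot-2860.tar.gz /usr/local/etc/snort/interfacename/rules`, replacing `interfacename` with the directory found in step 4, then restart Snort.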
                                • J
                                  jnorell
                                  last edited by Jul 6, 2010, 2:43 PM

                                  James, if you're rewriting parts of the updating anyway, I'd like to +1 simby's request of adding a manual update feature (i.e. an http interface to upload and install a snort ruleset .tgz). That would get everyone by in a pinch if there are similar future changes to the download procedure.

                                  Big thanks for your work on this package!

                                  • G
                                    g4m3c4ck
                                    last edited by Jul 6, 2010, 6:38 PM Jul 6, 2010, 6:30 PM

                                    Well I am glad they are releasing rules for specific versions of snort now instead of coming out with a new version of snort and breaking the rules for the old versions. That alone will solve most of the headaches when dealing with snort.

                                    That being said, good job as always JD! And for those that continue to bitch about a FREE product that kicks ass of most alternatives you have to PAY for... Then go BUY something else!

                                    People who can't comprehend how to navigate and manipulate file systems should not be messing around with ANYONE'S network, let alone their firewall/router. But hey, that is just my opinion...

                                    • ?
                                      A Former User
                                      last edited by Jul 6, 2010, 11:44 PM

                                      @LostInIgnorance:

                                      @cdx304:

                                      @Rune:

                                      I figured I'd post this here in case people want to update their definitions manually. I used this post but updated the instructions to the current version.
                                      http://forum.pfsense.org/index.php/topic,15464.msg81197.html#msg81197

                                      1- Download the rules manually by logging to the shell and type this
                                      fetch http://www.snort.org/pub-bin/oinkmaster.cgi/Oinkcode/snortrules-snapshot-2860.tar.gz
                                      2 - Make temp directory and copy rules
                                      mkdir /tmp/temp
                                      cp snortrules-snapshot-2860.tar.gz /tmp/temp
                                      3- extract the file with this command
                                      tar -zxvf /tmp/temp/snortrules-snapshot-2860.tar.gz
                                      4- Find interface name - it will be in a snort_#_interface format
                                      ls /usr/local/etc/snort/
                                      5- copy rules to rules directory
                                      cp tmp/temp/rules/. /usr/local/etc/snort/interfacename/rules
                                      6- Remove temp directory
                                      rm -r /tmp/temp
                                      7 - Restart Snort. This did it for me on a clean install.

                                      Hope this helps someone out.

                                      I tried the copy command and it does not work for me. Everything else worked.

                                      thanks for the help

                                      I ended up having to use this line instead to copy the files.  Worked for me, but only an expert can tell me if I actually did it correctly. Still kinda new to all of this. ;)

                                      cp rules/. /usr/local/etc/snort/interfacename/rules

                                      Thanks again JamesDean for everything!! :D

                                      I tried this method and it still does not work. I hope this package gets fixed because running my cisco box is getting real old!!

                                      • S
                                        simby
                                        last edited by Jul 7, 2010, 12:52 PM

                                        any news?

                                        • D
                                          darklogic
                                          last edited by Jul 7, 2010, 1:55 PM

                                          When I discovered last week there were some issues with updating, I was doing everything I could to get SNORT to install updates. I even deinstalled and reinstalled the package before I checked the forums and found that others were having issues as well. I am noticing that SNORT is not releasing blocked IPs after 1 hour, which is what I have it set to release blocked offenders. I never had the issue before until after the uninstall and reinstall of the package. I tried the uninstall and reinstall of the package again and get the same results.

                                          Any ideas on what this is about? Has anyone else noticed this or have this issue?

                                          Thanks,

                                          Matt
