    Rookie having problem with Snort

    • C
      clangren last edited by

      I'm a new user of Snort, loaded it yesterday. Using pfSense 1.2.3 and Snort 2.8.6 (pkg v 1.27). Went for the subscription/premium service on Snort. I successfully downloaded and installed Emergingthreats but could not get Snort to load rules. I read many of the posts on this forum and on Snort but probably missed finding the solution which is likely posted. Nonetheless I narrowed down what I perceived the problem to be in two php files: /usr/local/www/snort/snort_download_rules.php and /usr/local/pkg/snort/snort_check_for_rule_updates.php. It appeared (again rookie status) that the variable definitions which pointed at the Snort site had not been updated to account for the new naming convention from the end of June. It also appeared that some of the scripting, in particular the calls to 'download_file_with_progress_bar' (defined in /usr/local/www/system_firmware_auto.php) had this same potential issue. I edited the file /usr/local/pkg/snort/snort_check_for_rule_updates.php at lines 35, 36, 214, 216, 253, 275 and 384. Also edited the file /usr/local/www/snort/snort_download_rules.php at lines 42, 43, 394, 396, 433, 477 and 616. The filenames went generally from "snortrules-snapshot-2.8.tar.gz" or ".md5" to "snortrules-snapshot-2860.tar.gz" or ".md5". The calls to 'download_file_with_progress_bar' went generally to "download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/'myoinkcode typed out here'/snortrules-snapshot-2860.tar.gz", $tmpfname . "/{$snort_filename}");".

      Also, when I look at "Services, Snort" the interface shows stopped, but when I look in "Status, Services" it shows Snort as running. The system.log supports what is reported in "Status, Services". Is this normal?

      Just for the record I did try remove and reinstall several times before exploring the php code.

      Any help or direction would be most appreciated.

      Thanks,
      Carl

      • D
        DigitalJer last edited by

        Auto-updating SNORT rules is not working at the moment :(

        Check out http://forum.pfsense.org/index.php/topic,26382.0.html for more….

        • C
          clangren last edited by

          Thanks very much for the feedback.
          Regards,
          Carl

          PS >> And many thanks to jamesdean!
