Unable to download snort rules



  • HI
    I recently added pfsense to our production environment.

    I have installed packages : Snort 2.8.6 pkg v. 1.27

    after i configured snort, When i am updating the rules, its only installed emerging rules, which is bellow :
    emerging-attack_response.rules
    emerging-compromised.rules
    emerging-current_events.rules
    emerging-dos.rules
    emerging-drop.rules
    emerging-dshield.rules
    emerging-exploit.rules
    emerging-game.rules
    emerging-inappropriate.rules
    emerging-malware.rules
    emerging-p2p.rules
    emerging-policy.rules
    emerging-rbn.rules
    emerging-scan.rules
    emerging-tor.rules
    emerging-user_agents.rules
    emerging-virus.rules
    emerging-voip.rules
    emerging-web.rules
    emerging-web_client.rules
    emerging-web_server.rules
    emerging-web_specific_apps.rules
    emerging-web_sql_injection.rules
    emerging.rules
    pfsense-voip.rules

    But It does not download any rules from Snort.org
    How will i be able to download snort rules  ???

    Thanks for your advise .
    I have attached the picture



  • Update Snort to 2.8.6 pkg v. 1.30.
    Save - Global Settings.
    Then try Update rules.



  • Hi thanks for the quick response

    But how will i update to 1.30. I am not seeing any options to update

    Bellow information is from ,installed packages list.

    snort Security
    Package Info  Current: 2.8.6 pkg v. 1.30
    Installed: 2.8.6 pkg v. 1.27

    Description

    Used by fortune 500 companies and governments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. [Remove this package.]
    [Reinstall this package.] [Reinstall this package's GUI components.]



  • First, In Services: Snort.., select - Keep snort settings after deinstall and save the Global settings
    This will store old snort settings and applies that settings back, after the snort is updated.

    Click on [Reinstall this package.] from Installed packages list.

    Wait for the installation to complete. Check Global Settings and then Save.
    In snort interfaces tab, stop the snort service (I do like that ::)), then try for update rules.
    After updating rules start the snort service.



  • HI thanks
    I updated the snort to 1.30

    Snort service is stoped.
    Now i am trying to update rules, its wait for couple of minutes but then it does not update anything

    its saying : The rules directory is empty.(Snort->Rule update)
    WARNING:  The main rules directory is empty. /usr/local/etc/snort/rules

    If i go to : SnortInterface->WanInterface->category-> # The rules directory is empty. /usr/local/etc/snort/snort_63732_re0/rules

    what to do now ?
    thanks for your help



  • NOp, it downloading,
    After reinstall, i did not press Save on Global settingS!!!!

    after i press save on global settings, its downloading

    Thanks


Log in to reply