SNORT update problem



  • Hello,

    I've recently installed pfsense 2.0 RC3. It's configured and working fine.

    I just installed Snort.

    I configured all general settings to my WAN. Put in my oink code and even purchased a VRT subscription for 30$ from snort.org.

    I clicked on update my rules and this is what I get:

    SNORT.ORG >>>  N/A
    EMERGINGTHREATS.NET >>>  N/A
    PFSENSE.ORG >>>  "e8a95fd5f1b40e878fedeffd585134bb"

    I did install the Emergingthreats rules list in the general settings.

    Does anybody know if I need to modify the oinkmaster.conf? Is there a way to verify if it's downloading the snort package correctly?

    I apologize, this is my first time using pfsense/squid/snort and I'm very happy with it.



  • Did you see the rules under the interface setup? Categories

    If rules are there, then it downloaded them.

    I could be wrong, but your oink code determines if you get the basic or premium rules.



  • In the categories section I see, I'm assuming this is only from the Emerging threats rule DB.
    When I log into my snort.org account it does show I purchased a VRT license for 29.99.

    Enabled Ruleset: Rules that end with "so.rules" are shared object rules.
    emerging-activex.rules
    emerging-attack_response.rules
    emerging-botcc.rules
    emerging-chat.rules
    emerging-ciarmy.rules
    emerging-compromised.rules
    emerging-current_events.rules
    emerging-deleted.rules
    emerging-dns.rules
    emerging-dos.rules
    emerging-drop.rules
    emerging-dshield.rules
    emerging-exploit.rules
    emerging-ftp.rules
    emerging-games.rules
    emerging-icmp.rules
    emerging-icmp_info.rules
    emerging-imap.rules
    emerging-inappropriate.rules
    emerging-malware.rules
    emerging-misc.rules
    emerging-mobile_malware.rules
    emerging-netbios.rules
    emerging-p2p.rules
    emerging-policy.rules
    emerging-pop3.rules
    emerging-rbn-malvertisers.rules
    emerging-rbn.rules
    emerging-rpc.rules
    emerging-scada.rules
    emerging-scan.rules
    emerging-shellcode.rules
    emerging-smtp.rules
    emerging-snmp.rules
    emerging-sql.rules
    emerging-telnet.rules
    emerging-tftp.rules
    emerging-tor.rules
    emerging-trojan.rules
    emerging-user_agents.rules
    emerging-virus.rules
    emerging-voip.rules
    emerging-web_client.rules
    emerging-web_server.rules
    emerging-web_specific_apps.rules
    emerging-worm.rules
    pfsense-voip.rules

    I have seen in other forums that snort rules start with

    snort-activex

    Any help would be greatly appreciated.



  • Under Global Settings, did you check "Install Basic Rules or Premium rules" and put your oink code in the "Oinkmaster code" field?

    I only use basic rules and it's updating for me. I must have updated my rules 3-4 times already today as I've been doing testing with the updated snort package.

    Any errors on the update page when you Update Rules, anything in your system log?



  • I waited a day and tried to update several times.

    After posting on this forum it seems everything is good now.

    It finally appeared:

    SNORT.ORG >>>  "4e65d3dfa6cf8f804d053d7fa0c44c2e"

    Yay, thanks everyone for your help, guess I just had to be patient.



  • :-) Thank Emarl, as he has been fixing the bugs.



  • I've installed pfsense 1.2.3 STABLE successfully.  Everything running great.  However when I attempt to UPDATE snort after inserting my oinkcode, nothing happens.  I can click the UPDATE button as many times as I want, but it doesn't react at all.  I cannot seem to figure out how to get it to update.  Would prefer to resolve this rather than manually download the snort package and untar it, etc.  Any assistance would be appreciated.  Thanks!



  • @miles

    I had this problem.

    Symptoms: Clicking the Updates >> Update Rules button does nothing (SFA) - Can't update Snort rules
    Cause: Browser incompatibility
    Resolution: Don't use Internet Explorer, switch to Firefox.



  • I am not sure of the status of snort on 1.2.3, but on 2.0 it works out.

