Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    SNORT update problem

    pfSense Packages
    5
    9
    3299
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dctr_mas last edited by

      Hello,

      I've recently installed pfsense 2.0 RC3. It's configured and working fine.

      I just installed Snort.

      I configured all general settings to my WAN. Put in my oink code and even purchased a VRT subscription for 30$ from snort.org

      I clicked on update my rules and this is what I get

      SNORT.ORG >>>  N/A
      EMERGINGTHREATS.NET >>>  N/A
      PFSENSE.ORG >>>  "e8a95fd5f1b40e878fedeffd585134bb"

      I did install the Emergingthreats rules list in the general settings.

      Does anybody know if I need to modify the oinkmaster.conf? IS there a way to verify if it's downloading the snort package correctly.

      I apologize this is my first time using pfsense/squid/snort and I'm very happy with it.

      1 Reply Last reply Reply Quote 0
      • C
        Cino last edited by

        did you see the rules under the interface setup? Categories

        if rules are there, then it downloaded them.

        I could be wrong, put your oink code determines if you get the basic or premium rules.

        1 Reply Last reply Reply Quote 0
        • D
          dctr_mas last edited by

          In the categories section I see, I'm assuming this is only from the Emerging threats rule DB.
          When I log into my snort.org account it does show I purchased a VRT license for 29.99.

          Enabled Ruleset: Rules that end with "so.rules" are shared object rules.
          emerging-activex.rules
          emerging-attack_response.rules
          emerging-botcc.rules
          emerging-chat.rules
          emerging-ciarmy.rules
          emerging-compromised.rules
          emerging-current_events.rules
          emerging-deleted.rules
          emerging-dns.rules
          emerging-dos.rules
          emerging-drop.rules
          emerging-dshield.rules
          emerging-exploit.rules
          emerging-ftp.rules
          emerging-games.rules
          emerging-icmp.rules
          emerging-icmp_info.rules
          emerging-imap.rules
          emerging-inappropriate.rules
          emerging-malware.rules
          emerging-misc.rules
          emerging-mobile_malware.rules
          emerging-netbios.rules
          emerging-p2p.rules
          emerging-policy.rules
          emerging-pop3.rules
          emerging-rbn-malvertisers.rules
          emerging-rbn.rules
          emerging-rpc.rules
          emerging-scada.rules
          emerging-scan.rules
          emerging-shellcode.rules
          emerging-smtp.rules
          emerging-snmp.rules
          emerging-sql.rules
          emerging-telnet.rules
          emerging-tftp.rules
          emerging-tor.rules
          emerging-trojan.rules
          emerging-user_agents.rules
          emerging-virus.rules
          emerging-voip.rules
          emerging-web_client.rules
          emerging-web_server.rules
          emerging-web_specific_apps.rules
          emerging-worm.rules
          pfsense-voip.rules

          I have scene in other forums that snort rules start with

          snort-activex

          any help would be greatly appreciated

          1 Reply Last reply Reply Quote 0
          • C
            Cino last edited by

            under Global Settings, did you check "Install Basic Rules or Premium rules " and put your oink code in "Oinkmaster code" field?

            I only use basic rules and it updating for me. I've must have updated my rules 3-4 times already today as i've been doing testing with the updated snort package.

            any errors on the update page when you Update Rules, anything in your system log?

            1 Reply Last reply Reply Quote 0
            • D
              dctr_mas last edited by

              I waited a day and tried to update several times.

              After posting on this forum it seems everything is good now.

              It finally appeared

              SNORT.ORG >>>  "4e65d3dfa6cf8f804d053d7fa0c44c2e"

              yay thanks everyone for your help, guess I just had to be patient

              1 Reply Last reply Reply Quote 0
              • C
                Cino last edited by

                :-) thank Emarl as he has been fixing the bugs

                1 Reply Last reply Reply Quote 0
                • M
                  miles267 last edited by

                  I've installed pfsense 1.2.3 STABLE successfully.  Everything running great.  However when I attempt to UPDATE snort after inserting my oinkcode, nothing happens.  I can click the UPDATE button as many times as I want, but it doesn't react at all.  I cannot seem to figure out how to get it to update.  Would prefer to resolve this rather than manually download the snort package and untar it, etc.  Any assistance would be appreciated.  Thanks!

                  1 Reply Last reply Reply Quote 0
                  • F
                    feenics last edited by

                    @miles

                    I had this problem.

                    Symptoms: Clicking the Updates >> Update Rules button does nothing (SFA) - Can't update Snort rules
                    Cause: Browser incompatibility
                    Resolution: Don't use Internet Explorer, switch to Firefox.

                    1 Reply Last reply Reply Quote 0
                    • E
                      eri-- last edited by

                      I am not sure the status of snort on 1.2.3 but on 2.0 it works out.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post

                      Products

                      • Platform Overview
                      • TNSR
                      • pfSense
                      • Appliances

                      Services

                      • Training
                      • Professional Services

                      Support

                      • Subscription Plans
                      • Contact Support
                      • Product Lifecycle
                      • Documentation

                      News

                      • Media Coverage
                      • Press
                      • Events

                      Resources

                      • Blog
                      • FAQ
                      • Find a Partner
                      • Resource Library
                      • Security Information

                      Company

                      • About Us
                      • Careers
                      • Partners
                      • Contact Us
                      • Legal
                      Our Mission

                      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                      Subscribe to our Newsletter

                      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                      © 2021 Rubicon Communications, LLC | Privacy Policy