Snort will not download snort rules.
-
It appears right after the last update, snort will no longer download snort rules. Other rules are downloading fine.
Error in logs
snort[24521]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_33581_em0//usr/local/etc/snort/snort_33581_em0/reference.config": No such file or directory.
Already uninstalled and reinstalled.
Thanks in advance
-
i did a reinstall this morning and my updates downloaded fine. If your using the free snort rules, snot only allows you to update once an hour i believe.
-
i see the issue you are having… when you update your rules or reboot your box does snort startup?
-
Fixed.
Try after 15 minutes.
-
ok…after looking into this more i don't think it was a snort issue.
I went to check snort.org to make sure nothing was up with my oki code.
It appears openDNS is blocking snort.org
"This host was blocked by OpenDNS in response to the Conficker virus, the Microsoft IE zero-day vulnerability, an equally serious vulnerability, or some other threat.If you think this shouldn't be blocked, please email us at malware-block@opendns.com."
pf is setup to use opendns, once i changed the dns servers the rules would update.
Sorry for the confusion. :(
-
Why the hell is OpenDNS blocking Snort.org of all places? Does this mean "all their clients" networks are not able to reach the SNORT.org VRT updates?