Snort Emerging rules vanished!

  • I modified a suppress list this morning, stopped Snort 2.9.1 pkg v. 2.0.2, started it, and I get:

    2011-12-12 12:36:50	Daemon.Error	x.x.x.x snort[58089]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_18203_pppoe0//usr/local/etc/snort/snort_18203_pppoe0/rules/emerging-activex.rules": No such file or directory.

    It would not start; the /usr/local/etc/snort/snort_18203_pppoe0/rules/emerging* rules were gone. ???
    I tried to update the rules, to no avail.

    In the end I removed the /usr/local/etc/snort/emerging.rules.tar.gz.md5, updated the rules, and Snort started OK.

  • Again today, I stopped Snort and the Emerging rules were gone!!!!

    One other issue I have is that when I change the update from 12 hrs to 1 day, Snort still updates every 12 hrs.

    The only thing that changed in the conf is:

    - <autorulesupdate7>12h_up</autorulesupdate7>
    + <autorulesupdate7>1d_up</autorulesupdate7>

    This section remains unchanged:

    			<command>/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log</command>

    I stopped Snort, made the change, started Snort, and I will see tomorrow what happens.

  • Snort still updates every 12 hrs ??? !!!!

  • Install cron package and see if you can change this schedule.

  • Yup, I can.
    I'm back on 24 hr updates.
    Thank you.