Snort Emerging rules vanished!
I modify a suppress list this morning, stop Snort 2.9.1 pkg v. 2.0.2 , start it I get:
2011-12-12 12:36:50 Daemon.Error x.x.x.x snort: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_18203_pppoe0//usr/local/etc/snort/snort_18203_pppoe0/rules/emerging-activex.rules": No such file or directory.
It would not start, the /usr/local/etc/snort/snort_18203_pppoe0/rules/emerging* rules were gone. ???
Try to Update the rules to no avail.
In the end I removed the /usr/local/etc/snort/emerging.rules.tar.gz.md5, Update the rules and snort started ok.
Again today, I stop snort and the Emergings rules were gone !!!!
One other issue I have is that when I change the Update from 12Hrs to 1 Day, snort still update every 12hrs.
The only thing that change in the conf is :
- <autorulesupdate7>12h_up</autorulesupdate7> + <autorulesupdate7>1d_up</autorulesupdate7>
this section remain unchanged
<minute>3</minute> <hour>*/12</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command></command>/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log
I stop snort, make the change, start snort and I will see 2morrow wha happen.
Snort still update every 12hres ??? !!!!
marcelloc last edited by
Install cron package and see if you can change this schedule.
Yup I can
I'm back on 24hres update