Snort Emerging rules vanished!



  • I modified a suppress list this morning, stopped Snort 2.9.1 pkg v. 2.0.2, started it, and I get:

    2011-12-12 12:36:50	Daemon.Error	x.x.x.x snort[58089]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_18203_pppoe0//usr/local/etc/snort/snort_18203_pppoe0/rules/emerging-activex.rules": No such file or directory.
    

    It would not start; the /usr/local/etc/snort/snort_18203_pppoe0/rules/emerging* rules were gone. ???
    I tried to update the rules, to no avail.

    In the end I removed /usr/local/etc/snort/emerging.rules.tar.gz.md5, updated the rules, and Snort started OK.



  • Again today, I stopped Snort and the Emerging rules were gone!!!!

    One other issue I have is that when I change the update from 12 hrs to 1 day, Snort still updates every 12 hrs.

    The only thing that changed in the conf is:

    - <autorulesupdate7>12h_up</autorulesupdate7>
    + <autorulesupdate7>1d_up</autorulesupdate7>
    

    This section remains unchanged:

        <minute>3</minute>
        <hour>*/12</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log</command>
    

    I stopped Snort, made the change, started Snort, and I will see tomorrow what happens.



  • Snort still updates every 12 hrs???!!!!



  • Install cron package and see if you can change this schedule.



  • Yup, I can.
    I'm back on 24 hr updates.
    Thank you.

