Netgate Discussion Forum

    PfSense and Snort VRT Subscription

    pfSense Packages
      miles267

      I was successfully using a basic, free Snort oinkmaster subscription with pfSense 2.0.1-release. However, I recently purchased a Snort VRT one-year subscription. Though I noticed my oinkmaster code itself didn't change after the VRT subscription was purchased. Is there anything special that needs to be done in pfSense in order to utilize a VRT subscription, or does Snort recognize that a given oinkmaster code has been flagged for VRT? Thanks.

        jimp Rebel Alliance Developer Netgate

        I haven't looked lately but a while back when I helped someone set this up, there was a checkbox or drop-down that specified the VRT rules. The download URL was different.

        Snort changes their URLs and download schemes so often it's hard to keep track; it may still be the same or they may auto-detect like you speculate.

          miles267

          Thanks, Jimp, for the response. If there's any way you could assist, it would be much appreciated. I believe the URL for their Sourcefire VRT rules may be different, but I wasn't sure where to edit this manually in the snort.conf (or elsewhere)? However, I did notice in pf 2.0.1-release within the Snort service there's a radio button for 'basic or premium', but only a single oink code can be entered. Am sure others would benefit from this, though I'm the only one that has asked the question (old topics have since been closed).

            jimp Rebel Alliance Developer Netgate

            The oink code is the same - it's your URL that changes, and that radio button makes it use the premium URL instead of the basic. So that's what you need to set.

              miles267

              Jimp, in the Snort settings, there is a radio button with only two possible settings: 1.) do not install Snort updates or 2.) install the basic or premium updates. After that there is a dialog box for your oinkcode (which remains constant regardless of whether you have a basic or VRT/paid membership). I currently have it set to option #2 and have the same oink code entered as I did for my basic membership. It is pulling down updates, only the VRT categories aren't among them.

              In other words, there is no option to change the update URL for basic vs. VRT membership. Unless this is hidden in a config file within 2.0.1-release?

                jamesdean

                Sourcefire (snort.org) takes care of everything dynamically, we don't need no special URLs.

                If you have premium rules, they will send you the premium rules tar file; else you get the basic rules tar file.

                Reference
                http://www.snort.org/snort-rules/cli

                Robert

                  miles267

                  Thank you, Jamesdean, for clarifying how the pfSense Snort package handles Sourcefire VRT/premium rules subscriptions.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.