Snort won't download ruleset



  • Hi all,

    I've had Snort installed for a while now.  But, I had never configured it.  A couple of days ago, I updated to the latest 2.9.2.3.  I'm running on 64 bit 2.0.1 pfSense.  I added in my Oinkmaster code.  But, when I try to update the rules, it runs very quickly and says that it finished.  However, the "Installed Signature Ruleset" shows N/A.  Is this normal?  I've tried rebooting, removing, and re-installing the package with the same results.

    Thanks,

    Jeff



  • For testing if you have not selected 'Select Install Emergingthreats rules', select it in Global Settings.
    Click Save.
    Then try again Update rules.



  • Just reinstall the package and should be fine.



  • "I've tried rebooting, removing, and re-installing the package with the same results."

    After selecting the Emergingthreats rules, it successfully downloads those rules.  Now on the Update Tab, it shows:

    SNORT.ORG >>> N/A
    EMERGINGTHREATS.NET >>> 108bf1fd5ba0ec4d8d304232053459cd



  • You should have the issue in the system log.



  • What should I expect to see in the system logs?

    Here's the last few days:

    Jul 12 12:03:03 php: : Emergingthreats rules file update downloaded succsesfully
    Jul 12 12:03:03 php: : Snort has restarted with your new set of rules…
    Jul 13 00:03:02 php: : Emergingthreats rules file update downloaded succsesfully
    Jul 13 00:03:02 php: : Snort has restarted with your new set of rules...
    Jul 14 00:03:03 php: : Emergingthreats rules file update downloaded succsesfully
    Jul 14 00:03:03 php: : Snort has restarted with your new set of rules...
    Jul 15 20:31:04 php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.56.6
    Jul 15 20:31:04 php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.56.6

    I just did a manual update and it doesn't show anything in the logs...



  • Update:

    I just removed the package and installed the latest version.  Now I'm getting this message every time I try to manually update:

    "php: /snort/snort_download_rules.php: Please wait… You may only check for New Rules every 15 minutes..."

    Yes, I've waited the 15 minutes in between tries.





  • @j3ffr3y:

    Update:

    I just removed the package and installed the latest version.  Now I'm getting this message every time I try to manually update:

    "php: /snort/snort_download_rules.php: Please wait… You may only check for New Rules every 15 minutes..."

    Yes, I've waited the 15 minutes in between tries.

    I had this exact problem at one point somehow my oink code was bad. I had the premium service and it had expired. I just re-registered the service at snort.org and everything worked fine after that.



  • i had the same problem, but entering my snort-code newly fixed it.



  • I followed Cino's link to completely remove Snort and re-installed.  = Same Issue

    Tried creating new Snort account and generated a new oinkcode = Same Issue.


Log in to reply