Snort - Rules Update problem

Emab · Jan 30, 2008, 12:19 AM

I installed Snort Package, but the rules update stops telling "Extracting snort rules…" and the progress bar is not full...

Where is the problem with it?

ooarashi · Jan 30, 2008, 7:28 PM

The "Current" branch of Snort rules is no longer compatible with Snort 2.7. A change needs to be made in the configuration to make Snort retrieve the proper branch. ~~Unfortunately I don't know where the configuration file is kept on pfSense.~~

See http://www.snort.org/pub-bin/downloads.cgi
and also http://www.ipcop.org/index.php?name=News&file=article&sid=38

IPCop was using 2.6, but I believe it's the same problem.

Edit:
Actually I believe I found the fix-
Open /usr/local/www/snort_download_rules.php
find the following lines
$snort_filename = "snortrules-snapshot-CURRENT{$premium_subscriber}.tar.gz";
$snort_filename_md5 = "snortrules-snapshot-CURRENT.tar.gz.md5";

replace it with

$snort_filename = "snortrules-snapshot-2.7{$premium_subscriber}.tar.gz";
$snort_filename_md5 = "snortrules-snapshot-2.7.tar.gz.md5";

Emab · Jan 31, 2008, 7:11 PM

I did NOT edit the snort_download_rules.php file as you tols, but now the update Page told me:

Last snort.org rule update: 2008-01-28
You last updated the ruleset: 2008-01-30
Your snort rulesets are up to date.

This mean that is working as it is? I should edit the snort_download_rules.php file?

ooarashi · Feb 14, 2008, 4:56 PM

Sorry for the late reply.

If the snort page says you have updated you do not need to modify the file. The package maintainer probably updated the package.