Snort - Rules Update problem

  • I installed Snort Package, but the rules update stops telling "Extracting snort rules…" and the progress bar is not full...

    Where is the problem with it?

  • The "Current" branch of Snort rules is no longer compatible with Snort 2.7.  A change needs to be made in the configuration to make Snort retrieve the proper branch.  Unfortunately I don't know where the configuration file is kept on pfSense.

    and also

    IPCop was using 2.6, but I believe it's the same problem.

    Actually I believe I found the fix-
    Open /usr/local/www/snort_download_rules.php
    find the following lines
    $snort_filename = "snortrules-snapshot-CURRENT{$premium_subscriber}.tar.gz";
    $snort_filename_md5 = "snortrules-snapshot-CURRENT.tar.gz.md5";

    replace it with

    $snort_filename = "snortrules-snapshot-2.7{$premium_subscriber}.tar.gz";
    $snort_filename_md5 = "snortrules-snapshot-2.7.tar.gz.md5";

  • I did NOT edit the snort_download_rules.php file as you tols, but now the update Page told me:

    Last rule update: 2008-01-28
    You last updated the ruleset: 2008-01-30
    Your snort rulesets are up to date.

    This mean that is working as it is? I should edit the snort_download_rules.php file?

  • Sorry for the late reply.

    If the snort page says you have updated you do not need to modify the file.  The package maintainer probably updated the package.