Snort - Rules Update problem



  • I installed the Snort package, but the rules update stops, saying "Extracting snort rules…", and the progress bar is not full...

    Where is the problem with it?



  • The "Current" branch of Snort rules is no longer compatible with Snort 2.7.  A change needs to be made in the configuration to make Snort retrieve the proper branch.  Unfortunately I don't know where the configuration file is kept on pfSense.

    See http://www.snort.org/pub-bin/downloads.cgi
    and also http://www.ipcop.org/index.php?name=News&file=article&sid=38

    IPCop was using 2.6, but I believe it's the same problem.

    Edit:
    Actually I believe I found the fix-
    Open /usr/local/www/snort_download_rules.php
    find the following lines
    $snort_filename = "snortrules-snapshot-CURRENT{$premium_subscriber}.tar.gz";
    $snort_filename_md5 = "snortrules-snapshot-CURRENT.tar.gz.md5";

    replace it with

    $snort_filename = "snortrules-snapshot-2.7{$premium_subscriber}.tar.gz";
    $snort_filename_md5 = "snortrules-snapshot-2.7.tar.gz.md5";



  • I did NOT edit the snort_download_rules.php file as you told me, but now the update page tells me:

    Last snort.org rule update: 2008-01-28
    You last updated the ruleset: 2008-01-30
    Your snort rulesets are up to date.

    Does this mean that it is working as it is? Should I edit the snort_download_rules.php file?



  • Sorry for the late reply.

    If the snort page says you have updated you do not need to modify the file.  The package maintainer probably updated the package.

