    Netgate Discussion Forum

    Snort Rules Auto Update - Not Working!

    • Z
      zimba last edited by

      Hello All,

      The auto update for rules does not seem to be working… If I do a "force" update, it gets the rules and works fine... Here is what I found in the logs:

      Starting rules update...  Time: 2014-07-31 12:23:24
                  Downloading Snort VRT rules md5 file snortrules-snapshot-2960.tar.gz.md5...
                  Snort VRT rules md5 download failed.
                  Server returned error code 422.
                  Server error message was:
                  Snort VRT rules will not be updated.
      The Rules update has finished.  Time: 2014-07-31 12:23:24

      I am using the latest package: 2.9.6.2 pkg v3.1.1

      Would appreciate if someone could shed some light on this...

      Thanks in advance.

      • bmeeks
        bmeeks last edited by

        @zimba:

        Hello All,

        The auto update for rules does not seem to be working… If I do a "force" update, it gets the rules and works fine... Here is what I found in the logs:

        Starting rules update...  Time: 2014-07-31 12:23:24
                    Downloading Snort VRT rules md5 file snortrules-snapshot-2960.tar.gz.md5…
                    Snort VRT rules md5 download failed.
                    Server returned error code 422.
                    Server error message was:
                    Snort VRT rules will not be updated.
        The Rules update has finished.  Time: 2014-07-31 12:23:24

        I am using the latest package: 2.9.6.2 pkg v3.1.1

        Would appreciate if someone could shed some light on this...

        Thanks in advance.

        That's a strange error. Are you 100% sure you have the latest Snort package version installed? How about removing and reinstalling the package? I highlighted the problem in bold maroon above. The cron job is trying to download the wrong version of the rules snapshot file. Snort 2.9.6.0 is EOL and thus that rules file is probably not there anymore. It should instead be trying to download the file snortrules-snapshot-2962.tar.gz.

        The filename is hard-coded into the PHP code for the Snort package.  Did you by chance manually edit something in the recent past to hard-code this older rules file version?

        Bill

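The check described in the reply above, written out as an added example (not part of the thread and not code from the pfSense Snort package): it reads the rules update log, reports failed runs with the HTTP code, and flags runs that requested a snapshot not matching the installed Snort version. The function names are hypothetical, and the naming rule (version digits with the dots removed) is an assumption inferred from the two filenames quoted in the thread.

```python
import re

# Constructed sample: the update log lines quoted in the thread.
SAMPLE_LOG = """\
Starting rules update...  Time: 2014-07-31 12:23:24
            Downloading Snort VRT rules md5 file snortrules-snapshot-2960.tar.gz.md5...
            Snort VRT rules md5 download failed.
            Server returned error code 422.
            Server error message was:
            Snort VRT rules will not be updated.
The Rules update has finished.  Time: 2014-07-31 12:23:24
"""

def expected_snapshot(snort_version):
    """Map a version such as '2.9.6.2' to its snapshot name (assumed naming rule)."""
    if not re.fullmatch(r"\d+(\.\d+){3}", snort_version):
        raise ValueError("expected a four-part version, got %r" % snort_version)
    return "snortrules-snapshot-%s.tar.gz" % snort_version.replace(".", "")

def audit_update_log(log_text, snort_version):
    """Return one finding per update run that failed or requested the wrong snapshot."""
    want = expected_snapshot(snort_version)
    findings, run = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = re.match(r"Starting rules update\.\.\.\s+Time: (.+)", line)
        if m:  # a new update run begins
            run = {"time": m.group(1), "requested": None, "expected": want,
                   "http_code": None, "failed": False}
            continue
        if run is None:
            continue  # ignore lines outside a run
        m = re.search(r"(snortrules-snapshot-\d+\.tar\.gz)\.md5", line)
        if m:
            run["requested"] = m.group(1)
        m = re.search(r"Server returned error code (\d+)", line)
        if m:
            run["http_code"] = int(m.group(1))
        if "download failed" in line or "will not be updated" in line:
            run["failed"] = True
        if line.startswith("The Rules update has finished"):
            # A stale filename means the updater was built for an older Snort release.
            run["mismatch"] = run["requested"] is not None and run["requested"] != want
            if run["failed"] or run["mismatch"]:
                findings.append(run)
            run = None
    return findings
```

Calling `audit_update_log(SAMPLE_LOG, "2.9.6.2")` returns a single finding for the 12:23:24 run, so a scheduled check can alert when the sensor stops receiving rule updates.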
        • Z
          zimba last edited by

          Thanks, Bill!

          I am not sure what happened but it is now working!

          • bmeeks
            bmeeks last edited by

            @zimba:

            Thanks, Bill!

            I am not sure what happened but it is now working!

            Sometimes the Snort.org web site has temporary issues.

            Bill
