Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Rules Auto Update - Not Working!

    Scheduled Pinned Locked Moved pfSense Packages
    4 Posts 2 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zimba
      last edited by

      Hello All,

      The auto update for rules does not seem to be working….If I do a "force" update, it gets the rules and works fine...Here is what I found in the logs:

      Starting rules update...  Time: 2014-07-31 12:23:24
                  Downloading Snort VRT rules md5 file snortrules-snapshot-2960.tar.gz.md5...
                  Snort VRT rules md5 download failed.
                  Server returned error code 422.
                  Server error message was:
                  Snort VRT rules will not be updated.
      The Rules update has finished.  Time: 2014-07-31 12:23:24

      I am using the latest package: 2.9.6.2 pkg v3.1.1

      Would appreciate if someone could shed some light on this...

      Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        @zimba:

        Hello All,

        The auto update for rules does not seem to be working….If I do a "force" update, it gets the rules and works fine...Here is what I found in the logs:

        Starting rules update...  Time: 2014-07-31 12:23:24
                    Downloading Snort VRT rules md5 file snortrules-snapshot-2960.tar.gz.md5…
                    Snort VRT rules md5 download failed.
                    Server returned error code 422.
                    Server error message was:
                    Snort VRT rules will not be updated.
        The Rules update has finished.  Time: 2014-07-31 12:23:24

        I am using the latest package: 2.9.6.2 pkg v3.1.1

        Would appreciate if someone could shed some light on this...

        Thanks in advance.

        That's a strange error.  Are you 100% sure you have the latest Snort package version installed?  How about try removing and reinstalling the package.  I highlighted the problem in bold maroon above.  The cron job is trying to download the wrong version of the rules snapshot file.  Snort 2.9.6.0 is EOL and thus that rules file is probably not there anymore.  It should instead be trying to download the file snortrules-snapshot-2962.tar.gz.

        The filename is hard-coded into the PHP code for the Snort package.  Did you by chance manually edit something in the recent past to hard-code this older rules file version?

        Bill

        1 Reply Last reply Reply Quote 0
        • Z
          zimba
          last edited by

          Thanks, Bill!

          I am not sure what happened but it is now working!

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by

            @zimba:

            Thanks, Bill!

            I am not sure what happened but it is now working!

            Sometimes the Snort.org web site has temporary issues.

            Bill

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.