Snort VRT rules update error



  • Hello,
    i have a problem wth VTR Rules update (and now all  VTR rules are empty) ,
    when i try to update it i receive an error:

    Snort VRT rules will not be updated.
    Server returned error code 422.

    I already see some Topic with this problem but all refer to "Suricata" , i have only Snort installed as IDS not Suricata , how can i fix?

    I have Free subscription

    Already did:
    Try to search file with URL inside luckyless
    Changed Oinkcode with a new one , and i receive same error.

    Anyone can help me pls?
    tnx


  • Banned

    Most likely by upgrading your pfSense 2.1.x to a version where the package still exists.



  • hello,
    i have snort to Snort 2.9.7.0 pkg v3.2.3

    and pfsense to 2.2.4-RELEASE (amd64)

    i have update off from 10 of june


  • Banned

    The current package version on 2.2.x is 3.2.8.2, using Snort 2.9.7.5. Please, upgrade your packages before reporting bugs!



  • @peppegate:

    hello,
    i have snort to Snort 2.9.7.0 pkg v3.2.3

    and pfsense to 2.2.4-RELEASE (amd64)

    i have update off from 10 of june

    As the doktor pointed out, the Snort team has discontinued rules support for the 2.9.7.0 Snort version.  VRT rules are tied by version number to specific Snort binaries.  The Snort VRT has life-cycle management for both the binary Snort version and therefore the rules (since they must match).  Each version rolls out of support at some period of time after initial release.  Your old Snort version has rolled out of rules support (meaning the VRT no longer produces rules that will work with that older Snort binary).

    This will always happen with Snort, and so users need to keep the package updated.  Another complicating issue is that due to changes in the FreeBSD kernel, the newer Snort binaries cannot be compiled for pfSense 2.1 and earlier.  So to continue using Snort, you must upgrade your pfSense to 2.2.x and then upgrade Snort (it will automatically get upgraded when you update pfSense to 2.2).

    EDIT:  need to correct this statement – ..."due to changes in the FreeBSD kernel"…  That is not technically accurate.  It's actually due to changes in the Ports infrastructure and the package creation tools, but the end result is still that most newer versions of FreeBSD ports no longer compile for pfSense versions older than 2.2.x.

    Bill



  • Hello guyz ,
    i really thanks all of you for the answers ,
    my Pfsense from dashboard told me that is Up to date (2.2.4 as i wrote) , did you know if there is a new version?
    Did you think that with an update only of Snort i could solve the problem?
    tnx


  • Banned

    We are talking about package version here. You are many versions behind. Update the Snort package.



  • hello,
    tnx for Answer , can i know how update package? that is how you mean right?


  • Banned

    In the same place where you installed it. Simply click the reinstall button.


Log in to reply