Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort rules update fails

    Scheduled Pinned Locked Moved IDS/IPS
    5 Posts 3 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gad_d
      last edited by

      Hi,
      im trying to use Snort without luck… can get the rules updates. i have the Oinkmaster code (even tried to regenerate it)
      this is the error i get

      
      Downloading Snort VRT rules md5 file... FAILED!
      Snort VRT rules will not be updated.
      Server returned error code 0.
      Downloading Snort GPLv2 Community Rules md5 file... FAILED!
      Snort GPLv2 Community Rules will not be updated.
      Server returned error code 0.
      Cleaning up temp dirs and files... done.
      
      

      this install also has Squid & Squidguard

      1 Reply Last reply Reply Quote 0
      • D
        David_W
        last edited by

        The updates work for me. Is it possible that your Squid / Squidguard installation is preventing pfSense from fetching the files?

        You don't need the Snort GPLv2 Community Rules if you have either the paid or free VRT rules installed, as the VRT rules are a superset of the GPLv2 rules. The free VRT rules are the same as the paid VRT rules, other than there is a time lag before rule changes appear in the free set.

        1 Reply Last reply Reply Quote 0
        • G
          gad_d
          last edited by

          @David_W:

          The updates work for me. Is it possible that your Squid / Squidguard installation is preventing pfSense from fetching the files?

          Hi David,
          thanks for the tip, i disabled ssl inspection in squid and indeed the update was done
          I tried to add proxy bypass rules for the URLs that snort uses but it dosent seem to help.

          any idea / suggestion ?

          Thanks again :)

          1 Reply Last reply Reply Quote 0
          • G
            gad_d
            last edited by

            Still didnt find any solution to why the Snort update is blocked by squid
            will be happy if anyone has some direction

            thanks

            1 Reply Last reply Reply Quote 0
            • bmeeksB
              bmeeks
              last edited by

              @gad_d:

              Still didnt find any solution to why the Snort update is blocked by squid
              will be happy if anyone has some direction

              thanks

              Does squid log any message that might give a hint what it does not like about the SSL handshake Snort uses for its updates?

              Bill

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.