Netgate Discussion Forum

Snort Updating issue (SSL)

IDS/IPS
22 Posts 5 Posters 6.4k Views
  • A
    Abhishek
    last edited by Apr 11, 2016, 12:45 PM Apr 5, 2016, 8:31 AM

    
    snort update error 
    [code]
    Apr 5 13:46:24	pfsense.xxx.local		nginx: 2016/04/05 13:46:24 [error] 57647#0: *1822 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.246, server: , request: "POST /snort/snort_download_updates.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "https://192.168.0.1/snort/snort_download_updates.php"
    Apr 5 13:46:19	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
    Apr 5 13:46:19	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
    Apr 5 13:46:04	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
    Apr 5 13:46:04	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
    Apr 5 13:45:49	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
    Apr 5 13:45:49	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
    Apr 5 13:45:34	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
    Apr 5 13:45:34	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
    Apr 5 13:45:33	php-fpm	81238	/snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
    Apr 5 13:45:30	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
    Apr 5 13:45:30	php-fpm	81238	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
    Apr 5 13:45:15	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
    Apr 5 13:45:15	php-fpm	81238	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
    Apr 5 13:45:02	snort	96563	invalid appid in appStatRecord (1122)
    Apr 5 13:45:02	snort	96563	invalid appid in appStatRecord (1119)
    Apr 5 13:45:02	snort	96563	invalid appid in appStatRecord (1114)[/code]
    
    2.3-RC (amd64) 
    built on Mon Apr 04 17:09:32 CDT 2016 
    FreeBSD 10.3-RELEASE 
    CPU Type	Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
    2 CPUs: 1 package(s) x 2 core(s)
    Temperature	
    44.0°C
    Load average	
    0.22, 0.28, 0.30
    

    2.3-RC (amd64)
    built on Mon Apr 04 17:09:32 CDT 2016
    FreeBSD 10.3-RELEASE
    Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

    darkstat 3.1.2_1
    Lightsquid 3.0.3_1
    mailreport 3.0_1
    pfBlockerNG 2.0.9_1  
    RRD_Summary 1.3.1_2
    snort 3.2.9.1_9  
    squid 0.4.16_1  
    squidGuard 1.14_1
    syslog-ng 1.1.2_2

    • A
      Abhishek
      last edited by Apr 5, 2016, 12:47 PM Apr 5, 2016, 10:44 AM

      Just now noticed Snort is blocking a few IPs, but that info is not showing on the GUI Blocked page.

      But when I click the Blocked Hosts Download button and open the file with Notepad, I can see the blocked IPs (shown in pic).

      Even after I click CLEAR ("All blocked hosts will be removed"), those IPs are not getting removed.

      EDIT
      The block issue got fixed by clicking Refresh and Log View. I thought that page would auto-refresh. Now it's showing, and I was able to remove the blocked IPs.

      Now the only issue left is the updating issue.

      After Snort reinstall also:

      
      Starting rules update...  Time: 2016-04-05 15:08:16
      	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
      	Checking Snort VRT rules md5 file...
      	There is a new set of Snort VRT rules posted.
      	Downloading file 'snortrules-snapshot-2980.tar.gz'...
      	Snort VRT rules file download failed.  Server returned error 0.
      	The error text was: SSL certificate problem: unable to get local issuer certificate
      	Snort VRT rules will not be updated.
      	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
      	Checking Snort OpenAppID detectors md5 file...
      	There is a new set of Snort OpenAppID detectors posted.
      	Downloading file 'snort-openappid.tar.gz'...
      	Snort OpenAppID detectors file download failed.  Server returned error 0.
      	The error text was: SSL certificate problem: unable to get local issuer certificate
      	Snort OpenAppID detectors will not be updated.
      	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
      	Checking Snort GPLv2 Community Rules md5 file...
      	There is a new set of Snort GPLv2 Community Rules posted.
      	Downloading file 'community-rules.tar.gz'...
      	Snort GPLv2 Community Rules file download failed.  Server returned error 0.
      	The error text was: SSL certificate problem: unable to get local issuer certificate
      	Snort GPLv2 Community Rules will not be updated.
      	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
      	Checking Emerging Threats Open rules md5 file...
      	There is a new set of Emerging Threats Open rules posted.
      	Downloading file 'emerging.rules.tar.gz'...
      Starting rules update...  Time: 2016-04-05 16:24:09
      	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
      	Checking Snort VRT rules md5 file...
      	There is a new set of Snort VRT rules posted.
      	Downloading file 'snortrules-snapshot-2980.tar.gz'...
      	Snort VRT rules file download failed.  Server returned error 0.
      	The error text was: SSL certificate problem: unable to get local issuer certificate
      	Snort VRT rules will not be updated.
      	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
      	Checking Snort OpenAppID detectors md5 file...
      	There is a new set of Snort OpenAppID detectors posted.
      	Downloading file 'snort-openappid.tar.gz'...
      	Snort OpenAppID detectors file download failed.  Server returned error 0.
      	The error text was: SSL certificate problem: unable to get local issuer certificate
      	Snort OpenAppID detectors will not be updated.
      	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
      	Checking Snort GPLv2 Community Rules md5 file...
      	There is a new set of Snort GPLv2 Community Rules posted.
      	Downloading file 'community-rules.tar.gz'...
      	Snort GPLv2 Community Rules file download failed.  Server returned error 0.
      	The error text was: SSL certificate problem: unable to get local issuer certificate
      	Snort GPLv2 Community Rules will not be updated.
      	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
      	Checking Emerging Threats Open rules md5 file...
      	There is a new set of Emerging Threats Open rules posted.
      	Downloading file 'emerging.rules.tar.gz'...
      	Done downloading rules file.
      	Extracting and installing Emerging Threats Open rules...
      	Installation of Emerging Threats Open rules completed.
      	Copying new config and map files...
      	Updating rules configuration for: WAN ...
      	Updating rules configuration for: LAN ...
      The Rules update has finished.  Time: 2016-04-05 16:27:59
      
      
      
      Snort VRT Rules	Not Downloaded	Not Downloaded
      Snort GPLv2 Community Rules	Not Downloaded	Not Downloaded
      Emerging Threats Open Rules	a4261de1af8356d54b344c0c4a73474d	Tuesday, 05-Apr-16 16:27:59 IST
      Snort OpenAppID Detectors	Not Downloaded	Not Downloaded
      

      • A
        Abhishek
        last edited by Apr 6, 2016, 4:45 AM Apr 6, 2016, 4:29 AM

        Today also same issue

        Time Process PID Message
        Apr 6 10:00:00 php [pfBlockerNG] Starting cron process.
        Apr 6 09:59:53 php-fpm 85941 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds…
        Apr 6 09:59:53 php-fpm 85941 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
        Apr 6 09:59:38 php-fpm 85941 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds…
        Apr 6 09:59:38 php-fpm 85941 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
        Apr 6 09:59:36 php-fpm 85941 /snort/snort_download_updates.php: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2980.tar.gz…
        Apr 6 09:34:43 php-fpm 49045 /index.php: Successful login for user 'admin' from: 192.168.0.X

        
        Time	Process	PID	Message
        Apr 6 10:13:35	php-fpm	90329	/snort/snort_download_updates.php: [Snort] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
        Apr 6 10:13:33	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Snort GPLv2 Community Rules file download failed... server returned error '0'...
        Apr 6 10:13:33	php-fpm	90329	/snort/snort_download_updates.php: File 'community-rules.tar.gz' download attempts: 4 ...
        Apr 6 10:13:24	pfsense.xxx.local		nginx: 2016/04/06 10:13:24 [error] 57723#0: *14701 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.246, server: , request: "POST /snort/snort_download_updates.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "pfsense.xxx.local", referrer: "https://pfsense.xxx.local/snort/snort_download_updates.php"
        Apr 6 10:13:18	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
        Apr 6 10:13:18	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
        Apr 6 10:13:03	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
        Apr 6 10:13:03	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
        Apr 6 10:12:48	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
        Apr 6 10:12:48	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
        Apr 6 10:12:33	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
        Apr 6 10:12:33	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
        Apr 6 10:12:31	php-fpm	90329	/snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
        Apr 6 10:12:30	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
        Apr 6 10:12:30	php-fpm	90329	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
        Apr 6 10:12:15	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
        Apr 6 10:12:15	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
        Apr 6 10:12:00	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
        Apr 6 10:12:00	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
        Apr 6 10:11:45	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
        Apr 6 10:11:45	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
        Apr 6 10:11:30	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
        Apr 6 10:11:30	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
        Apr 6 10:11:28	php-fpm	90329	/snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
        Apr 6 10:11:27	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
        Apr 6 10:11:27	php-fpm	90329	/snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
        Apr 6 10:11:12	php-fpm	90329	/snort/snort_download_updates.php: [Snort] Will retry in 15 second
        

        So how to fix it?

        • A
          Abhishek
          last edited by Apr 6, 2016, 5:09 AM

          I uninstalled and tried to install Snort again

          
          >>> Installing pfSense-pkg-snort... 
          Updating pfSense-core repository catalogue...
          pfSense-core repository is up-to-date.
          Updating pfSense repository catalogue...
          pfSense repository is up-to-date.
          All repositories are up-to-date.
          Checking integrity... done (0 conflicting)
          The following 8 package(s) will be affected (of 0 checked):
          
          New packages to be INSTALLED:
          	pfSense-pkg-snort: 3.2.9.1_9 [pfSense]
          	barnyard2: 1.13 [pfSense]
          	broccoli: 1.97,1 [pfSense]
          	mysql56-client: 5.6.27 [pfSense]
          	snort: 2.9.8.0 [pfSense]
          	libnet: 1.1.6_3,1 [pfSense]
          	daq: 2.0.6 [pfSense]
          	libdnet: 1.12_1 [pfSense]
          
          The process will require 54 MiB more space.
          [1/8] Installing broccoli-1.97,1...
          [1/8] Extracting broccoli-1.97,1: .......... done
          [2/8] Installing mysql56-client-5.6.27...
          [2/8] Extracting mysql56-client-5.6.27: .......... done
          [3/8] Installing libdnet-1.12_1...
          [3/8] Extracting libdnet-1.12_1: .......... done
          [4/8] Installing barnyard2-1.13...
          [4/8] Extracting barnyard2-1.13: ...... done
          [5/8] Installing libnet-1.1.6_3,1...
          [5/8] Extracting libnet-1.1.6_3,1: .......... done
          [6/8] Installing daq-2.0.6...
          [6/8] Extracting daq-2.0.6: .......... done
          [7/8] Installing snort-2.9.8.0...
          [7/8] Extracting snort-2.9.8.0: .......... done
          [8/8] Installing pfSense-pkg-snort-3.2.9.1_9...
          [8/8] Extracting pfSense-pkg-snort-3.2.9.1_9: .......... done
          Saving updated package information...
          done.
          Loading package configuration... done.
          Configuring package components...
          Loading package instructions...
          Custom commands...
          Executing custom_php_install_command()...Saved settings detected.
          Migrating settings to new configuration... done.
          Downloading Snort VRT rules md5 file... done.
          Checking Snort VRT rules md5 file... done.
          There is a new set of Snort VRT rules posted.
          Downloading snortrules-snapshot-2980.tar.gz...
          
          
          
          Last 1000 General Log Entries. (Maximum 1000)
          Time	Process	PID	Message
          Apr 6 10:39:39	php		/etc/rc.packages: [Snort] Will retry in 15 seconds...
          Apr 6 10:39:39	php		/etc/rc.packages: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
          Apr 6 10:39:24	php		/etc/rc.packages: [Snort] Will retry in 15 seconds...
          Apr 6 10:39:24	php		/etc/rc.packages: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
          Apr 6 10:39:23	php		/etc/rc.packages: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2980.tar.gz...
          Apr 6 10:39:21	php		/etc/rc.packages: [Snort] Downloading and updating configured rule sets.
          Apr 6 10:39:21	php		/etc/rc.packages: [Snort] Configuration version is current...
          Apr 6 10:39:21	php		/etc/rc.packages: [Snort] Checking configuration settings version...
          Apr 6 10:39:21	php		/etc/rc.packages: [Snort] Saved settings detected... rebuilding installation with saved settings.
          Apr 6 10:39:21	check_reload_status		Syncing firewall
          Apr 6 10:39:21	php		/etc/rc.packages: Beginning package installation for snort .
          Apr 6 10:39:20	pkg		snort-2.9.8.0 installed
          

          • C
            cmb
            last edited by Apr 6, 2016, 5:29 AM

            this part:
            @Merchant:

            Apr 5 14:01:45 pfsense.XXX.local nginx: 2016/04/05 14:01:45 [crit] 57647#0: *3189 SSL_write() failed (SSL:) (1: Operation not permitted) while sending to client, client: 192.168.0.246, server: , request: "POST /diag_resetstate.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "https://192.168.0.1/diag_resetstate.php"

            is to be expected. When killing all states you kill your connection to nginx as well, which then can no longer use that TCP connection. Similar in any situation that would kill the state(s) of your connections to the GUI.

            Hopefully bmeeks can chime in on the Snort update part. It ought to be using ca_root_nss automatically which should have a trusted cert for the Snort rules download, but not sure off the top of my head how that works and haven't checked the source.
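
Added example (not part of the thread, and not pfSense or Snort package code): a Python triage of the rules-update log format quoted above, reporting per run which rule sets failed certificate verification, which installed, and whether the run was cut short. The sample log is constructed from lines in this thread; the function names and result keys are hypothetical.

```python
import re

# Constructed sample, assembled from update-log lines quoted in this thread.
SAMPLE_LOG = """\
Starting rules update...  Time: 2016-04-05 15:08:16
    Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
    Downloading file 'snortrules-snapshot-2980.tar.gz'...
    Snort VRT rules file download failed.  Server returned error 0.
    The error text was: SSL certificate problem: unable to get local issuer certificate
    Snort VRT rules will not be updated.
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Downloading file 'emerging.rules.tar.gz'...
Starting rules update...  Time: 2016-04-05 16:24:09
    Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
    Downloading file 'snortrules-snapshot-2980.tar.gz'...
    Snort VRT rules file download failed.  Server returned error 0.
    The error text was: SSL certificate problem: unable to get local issuer certificate
    Snort VRT rules will not be updated.
    Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
    Downloading file 'community-rules.tar.gz'...
    Snort GPLv2 Community Rules file download failed.  Server returned error 0.
    The error text was: SSL certificate problem: unable to get local issuer certificate
    Snort GPLv2 Community Rules will not be updated.
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Downloading file 'emerging.rules.tar.gz'...
    Done downloading rules file.
    Installation of Emerging Threats Open rules completed.
The Rules update has finished.  Time: 2016-04-05 16:27:59
"""

# Only line shapes that appear in the thread are recognised; anything else is ignored.
RUN_START = re.compile(r"^Starting rules update\.\.\.\s+Time:\s+(.+)$")
RUN_END = re.compile(r"^The Rules update has finished\.\s+Time:\s+(.+)$")
MD5_DL = re.compile(r"^Downloading (.+?) md5 file (\S+)\.\.\.$")
FAILED = re.compile(r"^.+? file download failed\.")
ERRTEXT = re.compile(r"^The error text was: (.+)$")
INSTALLED = re.compile(r"^Installation of .+? completed\.$")

# Prefix of the error text logged when the server's chain could not be verified.
TLS_PREFIX = "SSL certificate problem:"


def parse_runs(text):
    """Split the update log into runs and record an outcome per rule set."""
    runs, run, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_START.match(line)
        if m:  # a new run begins, even if the previous one never finished
            run = {"started": m.group(1), "finished": None, "rulesets": {}}
            runs.append(run)
            current = None
            continue
        if run is None:
            continue
        m = RUN_END.match(line)
        if m:
            run["finished"] = m.group(1)
            current = None
            continue
        m = MD5_DL.match(line)
        if m:  # the md5 fetch opens the section for one rule set
            current = m.group(1)
            run["rulesets"][current] = {"status": "no outcome logged", "error": None}
            continue
        if current is None:
            continue
        entry = run["rulesets"][current]
        m = ERRTEXT.match(line)
        if m:
            entry["error"] = m.group(1)
        elif FAILED.match(line):
            entry["status"] = "failed"
        elif INSTALLED.match(line):
            entry["status"] = "installed"
    return runs


def triage(runs):
    """Summarise each run: trust failures, installs, and unfinished downloads."""
    findings = []
    for run in runs:
        sets = run["rulesets"]
        tls = [n for n, e in sets.items()
               if e["status"] == "failed" and (e["error"] or "").startswith(TLS_PREFIX)]
        ok = [n for n, e in sets.items() if e["status"] == "installed"]
        pending = [n for n, e in sets.items() if e["status"] == "no outcome logged"]
        findings.append({
            "started": run["started"],
            "complete": run["finished"] is not None,
            "tls_trust_failures": tls,
            "installed": ok,
            "no_outcome": pending,
            # Mixed: one rule set installed while another failed verification.
            "mixed": bool(tls) and bool(ok),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_runs(SAMPLE_LOG)):
        print(finding)
```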

            • A
              Abhishek
              last edited by Apr 6, 2016, 8:44 AM Apr 6, 2016, 8:33 AM

              @cmb:

              this part:
              @Merchant:

              Apr 5 14:01:45 pfsense.XXX.local nginx: 2016/04/05 14:01:45 [crit] 57647#0: *3189 SSL_write() failed (SSL:) (1: Operation not permitted) while sending to client, client: 192.168.0.246, server: , request: "POST /diag_resetstate.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "https://192.168.0.1/diag_resetstate.php"

              is to be expected. When killing all states you kill your connection to nginx as well, which then can no longer use that TCP connection. Similar in any situation that would kill the state(s) of your connections to the GUI.

              Hopefully bmeeks can chime in on the Snort update part. It ought to be using ca_root_nss automatically which should have a trusted cert for the Snort rules download, but not sure off the top of my head how that works and haven't checked the source.

              Thank you for the reply.
              In this thread:

              https://forum.pfsense.org/index.php?topic=109148.0

              In the above thread I noticed a few members saying Snort is working okay for them with updating. Any idea, bmeeks, why mine is not working? Should I move to Suricata?

              • C
                cremesk
                last edited by Apr 6, 2016, 8:47 AM

                Apr 5 14:01:45  pfsense.XXX.local      nginx: 2016/04/05 14:01:45 [crit] 57647#0: *3189 SSL_write() failed (SSL:) (1: Operation not permitted) while sending to client, client: 192.168.0.246, server: , request: "POST /diag_resetstate.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "https://192.168.0.1/diag_resetstate.php"

                I think this is not a Snort problem..

                PS:

                My manual and automatic upgrades work fine in Snort on both pfSense machines (CARP sync).

                • A
                  Abhishek
                  last edited by Apr 6, 2016, 9:16 AM Apr 6, 2016, 9:01 AM

                  @cremesk:

                  Apr 5 14:01:45  pfsense.XXX.local      nginx: 2016/04/05 14:01:45 [crit] 57647#0: *3189 SSL_write() failed (SSL:) (1: Operation not permitted) while sending to client, client: 192.168.0.246, server: , request: "POST /diag_resetstate.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "https://192.168.0.1/diag_resetstate.php"

                  I think this is not a Snort problem..

                  PS:

                  My manual and automatic upgrades work fine in Snort on both pfSense machines (CARP sync).

                  Thank you for replying. The above quoted by you is not a Snort issue (I posted it in post #2).

                  
                  Last 1000 General Log Entries. (Maximum 1000)
                  Time	Process	PID	Message
                  Apr 6 10:39:39	php		/etc/rc.packages: [Snort] Will retry in 15 seconds...
                  Apr 6 10:39:39	php		/etc/rc.packages: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
                  Apr 6 10:39:24	php		/etc/rc.packages: [Snort] Will retry in 15 seconds...
                  Apr 6 10:39:24	php		/etc/rc.packages: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
                  Apr 6 10:39:23	php		/etc/rc.packages: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2980.tar.gz...
                  Apr 6 10:39:21	php		/etc/rc.packages: [Snort] Downloading and updating configured rule sets.
                  Apr 6 10:39:21	php		/etc/rc.packages: [Snort] Configuration version is current...
                  Apr 6 10:39:21	php		/etc/rc.packages: [Snort] Checking configuration settings version...
                  Apr 6 10:39:21	php		/etc/rc.packages: [Snort] Saved settings detected... rebuilding installation with saved settings.
                  Apr 6 10:39:21	check_reload_status		Syncing firewall
                  Apr 6 10:39:21	php		/etc/rc.packages: Beginning package installation for snort .
                  Apr 6 10:39:20	pkg		snort-2.9.8.0 installed
                  

                  I will try to uninstall Snort and install Suricata.

                  • C
                    cremesk
                    last edited by Apr 6, 2016, 9:18 AM

                    You can try this to reinstall all needed packages.. it helps me to clear my todo ;)

                    /usr/sbin/pkg update -f
                    /usr/sbin/pkg install -yf pkg pfSense pfSense-kernel-pfSense pfSense-base pfSense-default-config
                    

                    Sven

                    PS:

                    Suricata does not support: OpenAppID, and over 500 Snort rules..

                    • A
                      Abhishek
                      last edited by Apr 6, 2016, 9:29 AM

                      @cremesk:

                      You can try this to reinstall all needed packages.. it helps me to clear my todo ;)

                      /usr/sbin/pkg update -f
                      /usr/sbin/pkg install -yf pkg pfSense pfSense-kernel-pfSense pfSense-base pfSense-default-config
                      

                      Sven

                      PS:

                      Suricata does not support: OpenAppID, and over 500 Snort rules..

                      Thank you for the info, I'll stick with Snort.

                      
                      Today after working hours I will try to update
                      
                      to
                      [code]Version 2.3.r.20160405.2024 is available.[/code]
                      
                      If doing a command-line upgrade using the command you posted, like a normal upgrade,
                      will it remove all the packages first, then install the updated pfSense, install the packages again, and restore settings?
                      

                      • C
                        cremesk
                        last edited by Apr 6, 2016, 9:46 AM

                        @Merchant:

                        @cremesk:

                        You can try this to reinstall all needed packages.. it helps me to clear my todo ;)

                        /usr/sbin/pkg update -f
                        /usr/sbin/pkg install -yf pkg pfSense pfSense-kernel-pfSense pfSense-base pfSense-default-config
                        

                        Sven

                        PS:

                        Suricata does not support: OpenAppID, and over 500 Snort rules..

                        Thank you for the info, I'll stick with Snort.

                        
                        Today after working hours I will try to update
                        
                        to
                        [code]Version 2.3.r.20160405.2024 is available.[/code]
                        
                        If doing a command-line upgrade using the command you posted, like a normal upgrade,
                        will it remove all the packages first, then install the updated pfSense, install the packages again, and restore settings?
                        
                        /usr/sbin/pkg update -f
                        Updating pfSense-core repository catalogue...
                        Fetching meta.txz: 100%    940 B   0.9kB/s    00:01    
                        Fetching packagesite.txz: 100%    2 KiB   1.9kB/s    00:01    
                        Processing entries: 100%
                        pfSense-core repository update completed. 9 packages processed.
                        Updating pfSense repository catalogue...
                        Fetching meta.txz: 100%    940 B   0.9kB/s    00:01    
                        Fetching packagesite.txz: 100%   96 KiB  98.5kB/s    00:01    
                        Processing entries: 100%
                        pfSense repository update completed. 355 packages processed.
                        

                        update the local repository data

                        /usr/sbin/pkg install -yf pkg pfSense pfSense-kernel-pfSense pfSense-base pfSense-default-config
                        Updating pfSense-core repository catalogue...
                        pfSense-core repository is up-to-date.
                        Updating pfSense repository catalogue...
                        pfSense repository is up-to-date.
                        All repositories are up-to-date.
                        
                        The following 4 package(s) will be affected (of 0 checked):
                        
                        Installed packages to be REINSTALLED:
                        ...
                        
                        

                        This force-installs these packages, it does not remove them..

                        sven

                        • B
                          bmeeks
                          last edited by Apr 6, 2016, 1:12 PM

                          @cmb:

                          this part:
                          @Merchant:

                          Apr 5 14:01:45 pfsense.XXX.local nginx: 2016/04/05 14:01:45 [crit] 57647#0: *3189 SSL_write() failed (SSL:) (1: Operation not permitted) while sending to client, client: 192.168.0.246, server: , request: "POST /diag_resetstate.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "https://192.168.0.1/diag_resetstate.php"

                          is to be expected. When killing all states you kill your connection to nginx as well, which then can no longer use that TCP connection. Similar in any situation that would kill the state(s) of your connections to the GUI.

                          Hopefully bmeeks can chime in on the Snort update part. It ought to be using ca_root_nss automatically which should have a trusted cert for the Snort rules download, but not sure off the top of my head how that works and haven't checked the source.

                          Snort and Suricata both just use the internal system calls to download their updates (I think the functions are in pfsense-utils.inc, but can't remember off the top of my head if that's the right include file.).  The code most definitely does not call that diag_resetstate.php page!  I have no idea where that is coming from.  I think if this was a package issue it would be happening for most, if not all users.  I lean toward something being wrong on this particular user's install.  I don't know what it might be, though.

                          Bill

                          • A
                            Abhishek
                            last edited by Apr 7, 2016, 4:38 AM

                            This morning when I checked the update status, it was all updated.

                            
                            Snort VRT Rules	4be4f08437dbeb15b23fef3f6424b616	Thursday, 07-Apr-16 00:10:16 IST
                            Snort GPLv2 Community Rules	34a4533fb98dd7b144e9619d7517aa3f	Thursday, 07-Apr-16 00:10:16 IST
                            Emerging Threats Open Rules	98ab30888e018a8795f1507e8b9f189d	Wednesday, 06-Apr-16 10:42:39 IST
                            Snort OpenAppID Detectors	52f5e20a3c67f2a4a1b9cbc14c2f02ac	Thursday, 07-Apr-16 00:10:16 IST
                            
                            
                            Starting rules update...  Time: 2016-04-05 15:08:16
                            	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
                            	Checking Snort VRT rules md5 file...
                            	There is a new set of Snort VRT rules posted.
                            	Downloading file 'snortrules-snapshot-2980.tar.gz'...
                            	Snort VRT rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort VRT rules will not be updated.
                            	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
                            	Checking Snort OpenAppID detectors md5 file...
                            	There is a new set of Snort OpenAppID detectors posted.
                            	Downloading file 'snort-openappid.tar.gz'...
                            	Snort OpenAppID detectors file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort OpenAppID detectors will not be updated.
                            	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
                            	Checking Snort GPLv2 Community Rules md5 file...
                            	There is a new set of Snort GPLv2 Community Rules posted.
                            	Downloading file 'community-rules.tar.gz'...
                            	Snort GPLv2 Community Rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort GPLv2 Community Rules will not be updated.
                            	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
                            	Checking Emerging Threats Open rules md5 file...
                            	There is a new set of Emerging Threats Open rules posted.
                            	Downloading file 'emerging.rules.tar.gz'...
                            Starting rules update...  Time: 2016-04-05 16:24:09
                            	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
                            	Checking Snort VRT rules md5 file...
                            	There is a new set of Snort VRT rules posted.
                            	Downloading file 'snortrules-snapshot-2980.tar.gz'...
                            	Snort VRT rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort VRT rules will not be updated.
                            	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
                            	Checking Snort OpenAppID detectors md5 file...
                            	There is a new set of Snort OpenAppID detectors posted.
                            	Downloading file 'snort-openappid.tar.gz'...
                            	Snort OpenAppID detectors file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort OpenAppID detectors will not be updated.
                            	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
                            	Checking Snort GPLv2 Community Rules md5 file...
                            	There is a new set of Snort GPLv2 Community Rules posted.
                            	Downloading file 'community-rules.tar.gz'...
                            	Snort GPLv2 Community Rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort GPLv2 Community Rules will not be updated.
                            	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
                            	Checking Emerging Threats Open rules md5 file...
                            	There is a new set of Emerging Threats Open rules posted.
                            	Downloading file 'emerging.rules.tar.gz'...
                            	Done downloading rules file.
                            	Extracting and installing Emerging Threats Open rules...
                            	Installation of Emerging Threats Open rules completed.
                            	Copying new config and map files...
                            	Updating rules configuration for: WAN ...
                            	Updating rules configuration for: LAN ...
                            The Rules update has finished.  Time: 2016-04-05 16:27:59
                            
                            Starting rules update...  Time: 2016-04-05 18:23:56
                            	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
                            	Checking Snort VRT rules md5 file...
                            	There is a new set of Snort VRT rules posted.
                            	Downloading file 'snortrules-snapshot-2980.tar.gz'...
                            	Snort VRT rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort VRT rules will not be updated.
                            	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
                            	Checking Snort OpenAppID detectors md5 file...
                            	There is a new set of Snort OpenAppID detectors posted.
                            	Downloading file 'snort-openappid.tar.gz'...
                            	Snort OpenAppID detectors file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort OpenAppID detectors will not be updated.
                            	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
                            	Checking Snort GPLv2 Community Rules md5 file...
                            	There is a new set of Snort GPLv2 Community Rules posted.
                            	Downloading file 'community-rules.tar.gz'...
                            	Snort GPLv2 Community Rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort GPLv2 Community Rules will not be updated.
                            	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
                            	Checking Emerging Threats Open rules md5 file...
                            	Emerging Threats Open rules are up to date.
                            The Rules update has finished.  Time: 2016-04-05 18:27:08
                            
                            Starting rules update...  Time: 2016-04-06 00:05:00
                            	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
                            	Checking Snort VRT rules md5 file...
                            	There is a new set of Snort VRT rules posted.
                            	Downloading file 'snortrules-snapshot-2980.tar.gz'...
                            	Snort VRT rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort VRT rules will not be updated.
                            	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
                            	Checking Snort OpenAppID detectors md5 file...
                            	There is a new set of Snort OpenAppID detectors posted.
                            	Downloading file 'snort-openappid.tar.gz'...
                            	Snort OpenAppID detectors file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort OpenAppID detectors will not be updated.
                            	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
                            	Checking Snort GPLv2 Community Rules md5 file...
                            	There is a new set of Snort GPLv2 Community Rules posted.
                            	Downloading file 'community-rules.tar.gz'...
                            	Snort GPLv2 Community Rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort GPLv2 Community Rules will not be updated.
                            	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
                            	Checking Emerging Threats Open rules md5 file...
                            	Emerging Threats Open rules are up to date.
                            The Rules update has finished.  Time: 2016-04-06 00:08:17
                            
                            Starting rules update...  Time: 2016-04-06 09:59:35
                            	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
                            	Checking Snort VRT rules md5 file...
                            	There is a new set of Snort VRT rules posted.
                            	Downloading file 'snortrules-snapshot-2980.tar.gz'...
                            	Snort VRT rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort VRT rules will not be updated.
                            	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
                            	Checking Snort OpenAppID detectors md5 file...
                            	There is a new set of Snort OpenAppID detectors posted.
                            	Downloading file 'snort-openappid.tar.gz'...
                            	Snort OpenAppID detectors file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort OpenAppID detectors will not be updated.
                            	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
                            	Checking Snort GPLv2 Community Rules md5 file...
                            	There is a new set of Snort GPLv2 Community Rules posted.
                            	Downloading file 'community-rules.tar.gz'...
                            	Snort GPLv2 Community Rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort GPLv2 Community Rules will not be updated.
                            	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
                            	Checking Emerging Threats Open rules md5 file...
                            	There is a new set of Emerging Threats Open rules posted.
                            	Downloading file 'emerging.rules.tar.gz'...
                            Starting rules update...  Time: 2016-04-06 10:10:24
                            	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
                            	Checking Snort VRT rules md5 file...
                            	There is a new set of Snort VRT rules posted.
                            	Downloading file 'snortrules-snapshot-2980.tar.gz'...
                            	Snort VRT rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort VRT rules will not be updated.
                            	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
                            	Checking Snort OpenAppID detectors md5 file...
                            	There is a new set of Snort OpenAppID detectors posted.
                            	Downloading file 'snort-openappid.tar.gz'...
                            	Snort OpenAppID detectors file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort OpenAppID detectors will not be updated.
                            	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
                            	Checking Snort GPLv2 Community Rules md5 file...
                            	There is a new set of Snort GPLv2 Community Rules posted.
                            	Downloading file 'community-rules.tar.gz'...
                            	Snort GPLv2 Community Rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort GPLv2 Community Rules will not be updated.
                            	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
                            	Checking Emerging Threats Open rules md5 file...
                            	There is a new set of Emerging Threats Open rules posted.
                            	Downloading file 'emerging.rules.tar.gz'...
                            Starting rules update...  Time: 2016-04-06 10:39:21
                            	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
                            	Checking Snort VRT rules md5 file...
                            	There is a new set of Snort VRT rules posted.
                            	Downloading file 'snortrules-snapshot-2980.tar.gz'...
                            	Snort VRT rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort VRT rules will not be updated.
                            	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
                            	Checking Snort OpenAppID detectors md5 file...
                            	There is a new set of Snort OpenAppID detectors posted.
                            	Downloading file 'snort-openappid.tar.gz'...
                            	Snort OpenAppID detectors file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort OpenAppID detectors will not be updated.
                            	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
                            	Checking Snort GPLv2 Community Rules md5 file...
                            	There is a new set of Snort GPLv2 Community Rules posted.
                            	Downloading file 'community-rules.tar.gz'...
                            	Snort GPLv2 Community Rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort GPLv2 Community Rules will not be updated.
                            	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
                            	Checking Emerging Threats Open rules md5 file...
                            	There is a new set of Emerging Threats Open rules posted.
                            	Downloading file 'emerging.rules.tar.gz'...
                            	Done downloading rules file.
                            	Extracting and installing Emerging Threats Open rules...
                            	Installation of Emerging Threats Open rules completed.
                            	Copying new config and map files...
                            	Updating rules configuration for: WAN ...
                            	Updating rules configuration for: LAN ...
                            The Rules update has finished.  Time: 2016-04-06 10:42:39
                            
                            Starting rules update...  Time: 2016-04-06 11:02:46
                            	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
                            	Checking Snort VRT rules md5 file...
                            	There is a new set of Snort VRT rules posted.
                            	Downloading file 'snortrules-snapshot-2980.tar.gz'...
                            	Snort VRT rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort VRT rules will not be updated.
                            	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
                            	Checking Snort OpenAppID detectors md5 file...
                            	There is a new set of Snort OpenAppID detectors posted.
                            	Downloading file 'snort-openappid.tar.gz'...
                            	Snort OpenAppID detectors file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort OpenAppID detectors will not be updated.
                            	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
                            	Checking Snort GPLv2 Community Rules md5 file...
                            	There is a new set of Snort GPLv2 Community Rules posted.
                            	Downloading file 'community-rules.tar.gz'...
                            	Snort GPLv2 Community Rules file download failed.  Server returned error 0.
                            	The error text was: SSL certificate problem: unable to get local issuer certificate
                            	Snort GPLv2 Community Rules will not be updated.
                            	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
                            	Checking Emerging Threats Open rules md5 file...
                            	Emerging Threats Open rules are up to date.
                            The Rules update has finished.  Time: 2016-04-06 11:05:55
                            
                            Starting rules update...  Time: 2016-04-07 00:05:00
                            	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
                            	Checking Snort VRT rules md5 file...
                            	There is a new set of Snort VRT rules posted.
                            	Downloading file 'snortrules-snapshot-2980.tar.gz'...
                            	Done downloading rules file.
                            	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
                            	Checking Snort OpenAppID detectors md5 file...
                            	There is a new set of Snort OpenAppID detectors posted.
                            	Downloading file 'snort-openappid.tar.gz'...
                            	Done downloading rules file.
                            	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
                            	Checking Snort GPLv2 Community Rules md5 file...
                            	There is a new set of Snort GPLv2 Community Rules posted.
                            	Downloading file 'community-rules.tar.gz'...
                            	Done downloading rules file.
                            	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
                            	Checking Emerging Threats Open rules md5 file...
                            	Emerging Threats Open rules are up to date.
                            	Extracting and installing Snort VRT rules...
                            	Using Snort VRT precompiled SO rules for FreeBSD-10-0 ...
                            	Installation of Snort VRT rules completed.
                            	Extracting and installing Snort OpenAppID detectors...
                            	Installation of Snort OpenAppID detectors completed.
                            	Extracting and installing Snort GPLv2 Community Rules...
                            	Installation of Snort GPLv2 Community Rules completed.
                            	Copying new config and map files...
                            	Updating rules configuration for: WAN ...
                            	Updating rules configuration for: LAN ...
                            The Rules update has finished.  Time: 2016-04-07 00:10:32
                            
                            
                            Last Update Apr-07 2016 00:10 Result: Success
                            

                            2.3-RC (amd64)
                            built on Mon Apr 04 17:09:32 CDT 2016
                            FreeBSD 10.3-RELEASE
                            Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

                            darkstat 3.1.2_1
                            Lightsquid 3.0.3_1
                            mailreport 3.0_1
                            pfBlockerNG 2.0.9_1  
                            RRD_Summary 1.3.1_2
                            snort 3.2.9.1_9  
                            squid 0.4.16_1  
                            squidGuard 1.14_1
                            syslog-ng 1.1.2_2

                            • A
                              Abhishek
                              last edited by Apr 11, 2016, 1:00 PM Apr 11, 2016, 12:46 PM

                              Same issue again today. Today I noticed the automatic daily Snort update failed, and when I tried a manual update I got the same error.

                              
                              Apr 11 18:15:59	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
                              Apr 11 18:15:59	php-fpm	12254	/snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
                              Apr 11 18:15:44	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
                              Apr 11 18:15:44	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
                              Apr 11 18:15:29	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
                              Apr 11 18:15:29	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
                              Apr 11 18:15:26	xinetd	26331	Reconfigured: new=0 old=1 dropped=0 (services)
                              Apr 11 18:15:26	xinetd	26331	readjusting service 6969-udp
                              Apr 11 18:15:26	xinetd	26331	Swapping defaults
                              Apr 11 18:15:26	xinetd	26331	Starting reconfiguration
                              Apr 11 18:15:25	check_reload_status		Reloading filter
                              Apr 11 18:15:14	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
                              Apr 11 18:15:14	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
                              Apr 11 18:14:59	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
                              Apr 11 18:14:59	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
                              Apr 11 18:14:57	php-fpm	12254	/snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
                              Apr 11 18:14:56	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
                              Apr 11 18:14:56	php-fpm	12254	/snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
                              
                              
                              
                              Rule Set Name/Publisher	MD5 Signature Hash	MD5 Signature Date
                              Snort VRT Rules	4be4f08437dbeb15b23fef3f6424b616	Thursday, 07-Apr-16 00:10:16 IST
                              Snort GPLv2 Community Rules	34a4533fb98dd7b144e9619d7517aa3f	Thursday, 07-Apr-16 00:10:16 IST
                              Emerging Threats Open Rules	d7572b565b38b5ca9c16849b3fefb0d6	Saturday, 09-Apr-16 09:37:26 IST
                              Snort OpenAppID Detectors	52f5e20a3c67f2a4a1b9cbc14c2f02ac	Thursday, 07-Apr-16 00:10:16 IST
                              
                              
                              Last Update Apr-10 2016 00:07 Result: Failed
                              
                              
                              Version	2.3-RC (amd64) 
                              built on Wed Apr 06 05:34:38 CDT 2016 
                              FreeBSD 10.3-RELEASE 
                              
                              Obtaining update status 
                              
                              
                              Name	Category	Version	Actions
                              darkstat	net-mgmt	 3.1.2_1	 
                              iftop	net-mgmt	 0.17_2	  
                              Lightsquid	www	 3.0.3_1	 
                              mailreport	mail	 3.0_1	 
                              pfBlockerNG	net	 2.0.9_1	  
                              RRD_Summary	sysutils	 1.3.1_2	 
                              snort	security	 3.2.9.1_10	  
                              squid	www	 0.4.16_2	  
                              squidGuard	www	 1.14_2	 
                              syslog-ng	sysutils	 1.1.2_2	 
                              

                              Maybe because of this, Snort is not blocking the threat.

                              
                              Interface Settings Overview
                               	Interface	Snort Status	Pattern Match	Blocking	Barnyard2 Status	Description	Actions
                              	WAN	     	LOWMEM	ENABLED	DISABLED 	WAN	 
                              	LAN	     	LOWMEM	ENABLED	DISABLED 	LAN	 
                              

                              Alerts

                              Interface to Inspect  WAN

                              
                              Date	Pri	Proto	Class	Source IP	SPort	Destination IP	DPort	SID	Description
                              04/11/16 18:20:25	1	TCP	A Network Trojan was Detected	192.168.2.2	23872	123.125.114.8	80	1:2010066	ET POLICY Data POST to an image file (gif)
                              
                              

                              In the Snort LAN interface, it's originating from an Android phone,

                              but Snort is not blocking the threat.

                              
                              Last 500 Hosts Blocked by Snort
                              #	IP	Alert Descriptions and Event Times	Remove
                              There are currently no hosts being blocked by Snort.
                              

                              IP address info showing the IP is from China:

                              
                              http://www.infobyip.com/ip-123.125.114.8.html
                              
                              
                              https://www.virustotal.com/en/ip-address/123.125.114.8/information/
                              


                              • BBcan177B
                                BBcan177 Moderator
                                last edited by Apr 11, 2016, 2:34 PM

                                You are having an SSL cURL error:

                                
                                Apr 11 18:14:59	php-fpm	12254	/snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
                                
                                

                                Maybe you need to make an exception in squid? It's failing on a "self-signed certificate".

                                "Experience is something you don't get until just after you need it."

                                Website: http://pfBlockerNG.com
                                Twitter: @BBcan177  #pfBlockerNG
                                Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                • B
                                  bmeeks
                                  last edited by Apr 12, 2016, 1:12 AM

                                  As BBcan177 stated, you have a problem with the SSL certificate chain on that firewall and not a Snort package problem.  Your update errors are not Snort related.  You have a broken SSL certificate chain.  The error message plainly states that as well.

                                  Bill

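The cURL message quoted above, "self signed certificate in certificate chain", is OpenSSL verify error 19; the related "unable to get local issuer certificate" is error 20. The script below is an added example, not code from any poster or from the Snort package, and goes slightly beyond the quoted log by reproducing both errors offline. It assumes the `openssl` CLI is installed and uses a throwaway self-signed CA as a stand-in for an intercepting proxy's CA; the CN values are constructed.

```shell
#!/bin/sh
# Added example: every key, certificate and name here is generated locally.

# make_chain DIR: create a self-signed CA (stand-in for a TLS-intercepting
# proxy's CA, an assumption) and a leaf certificate signed by that CA.
make_chain() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Proxy CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1 || return 1
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=rules.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/leaf.pem" >/dev/null 2>&1 || return 1
}

# verify_result ARGS...: run `openssl verify ARGS` and print "ok" on success,
# otherwise the numeric X509 verify error code from the first error line.
verify_result() {
    if out=$(openssl verify "$@" 2>&1); then
        echo ok
    else
        printf '%s\n' "$out" |
            sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
    fi
}

# demo: show the three situations side by side.
demo() {
    d=$(mktemp -d) || return 1
    make_chain "$d" || { rm -rf "$d"; return 1; }
    # Server sends only the leaf and its issuer is not in the trust store:
    # error 20, "unable to get local issuer certificate".
    echo "leaf only, issuer unknown:   $(verify_result "$d/leaf.pem")"
    # Server also sends the self-signed CA, but the client does not trust it:
    # error 19, "self signed certificate in certificate chain".
    echo "leaf + untrusted CA in chain: $(verify_result -untrusted "$d/ca.pem" "$d/leaf.pem")"
    # The same CA installed as a trust anchor: verification succeeds.
    echo "CA added as trust anchor:     $(verify_result -CAfile "$d/ca.pem" "$d/leaf.pem")"
    rm -rf "$d"
}

demo
```

Error 19 means the peer presented a complete chain ending in a root the firewall does not trust, which is what a proxy re-signing HTTPS traffic produces. Exempting the rules download from interception, as suggested above, or trusting the proxy CA on the firewall addresses the cause while leaving certificate verification on.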
                                  • A
                                    Abhishek
                                    last edited by Apr 12, 2016, 5:43 AM

                                    I updated my firewall proxy rule and now it's working; will check for a few days

                                    BTW, in the system logs I find

                                    
                                    Apr 12 11:08:25	snort	98430	WARNING: /usr/local/etc/snort/snort_11346_em0/rules/snort.rules(890) threshold (in rule) is deprecated; use detection_filter instead.
                                    
                                    
                                    
                                    Apr 12 11:08:25	snort	97987	WARNING: /usr/local/etc/snort/snort_21557_ste0/rules/snort.rules(1131) threshold (in rule) is deprecated; use detection_filter instead.
                                    Apr 12 11:08:25	snort	97987	Initializing rule chains...
                                    

                                    • A
                                      Abhishek
                                      last edited by Apr 12, 2016, 8:01 AM

                                      Still facing an issue with blocking offenders

                                      
                                      Last 250 Alert Log Entries
                                      Date 	Pri 	Proto 	Class 	Source IP	SPort 	Destination IP	DPort 	SID 	Description
                                      04/12/16 13:30:39	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	4577	54.230.191.47	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 13:26:07	1	UDP	Potential Corporate Privacy Violation	192.168.2.2	42180	188.183.144.164	26363	1:2008581	ET P2P BitTorrent DHT ping request
                                      04/12/16 13:19:00	1	UDP	Potential Corporate Privacy Violation	192.168.2.2	32733	110.55.67.168	34242	1:2008581	ET P2P BitTorrent DHT ping request
                                      04/12/16 12:30:37	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	12010	54.230.191.192	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 12:09:14	1	UDP	Potential Corporate Privacy Violation	192.168.2.2	44624	195.154.8.133	6881	1:2008581	ET P2P BitTorrent DHT ping request
                                      04/12/16 11:43:00	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	24472	54.230.191.163	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 11:30:38	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	3136	54.230.191.169	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 11:08:37	1	UDP	Potential Corporate Privacy Violation	192.168.2.2	45122	91.121.96.123	51413	1:2008581	ET P2P BitTorrent DHT ping request
                                      04/12/16 10:30:47	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	22779	54.230.190.172	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:46	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	48540	80.94.76.5	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:46	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	31562	82.221.103.245	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:45	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	44123	54.230.190.167	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:45	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	47535	173.254.195.58	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:45	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	60572	54.230.191.159	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:45	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	39180	80.94.76.5	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:40	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	18747	54.230.191.163	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:38	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	29431	52.84.198.229	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:37	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	40167	111.119.17.254	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:37	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	12509	111.119.17.253	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:22	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	9461	67.215.246.203	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 10:30:22	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	48950	173.254.195.58	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:40:04	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	5448	111.119.17.253	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:40:04	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	39642	111.119.17.254	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:57	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	52213	67.215.246.203	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:57	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	41794	54.230.190.172	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:57	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	29484	80.94.76.5	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:57	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	53677	67.215.246.203	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:56	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	29777	173.254.195.58	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:56	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	11758	111.119.17.254	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:56	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	40463	54.230.191.169	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:55	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	56369	80.94.76.5	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:49	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	61210	54.230.191.18	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:49	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	3696	54.230.190.237	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:48	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	59978	52.84.198.229	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:47	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	54855	111.119.17.254	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/12/16 09:39:47	1	UDP	Potential Corporate Privacy Violation	192.168.2.2	50163	58.182.0.93	11101	1:2008581	ET P2P BitTorrent DHT ping request
                                      04/11/16 19:07:35	1	TCP	Potential Corporate Privacy Violation	192.168.2.2	27886	54.230.191.75	80	1:2012247	ET P2P BTWebClient UA uTorrent in use
                                      04/11/16 18:53:29	1	TCP	A Network Trojan was Detected	192.168.2.2	58238	123.125.114.8	80	1:2010066	ET POLICY Data POST to an image file (gif)
                                      04/11/16 18:31:05	1	TCP	A Network Trojan was Detected	192.168.2.2	36910	123.125.114.8	80	1:2010066	ET POLICY Data POST to an image file (gif)
                                      04/11/16 18:30:31	1	TCP	A Network Trojan was Detected	192.168.2.2	61223	123.125.114.8	80	1:2010066	ET POLICY Data POST to an image file (gif)
                                      04/11/16 18:20:25	1	TCP	A Network Trojan was Detected	192.168.2.2	23872	123.125.114.8	80	1:2010066	ET POLICY Data POST to an image file (gif)
                                      

                                      None is blocked

                                      
                                      Last 500 Hosts Blocked by Snort
                                      #	IP	Alert Descriptions and Event Times	Remove
                                      There are currently no hosts being blocked by Snort.
                                      

                                      All issues started after updating from stable to RC. Is there any way to completely wipe and install Snort? I already tried a reinstall but it did not work.

                                      • B
                                        bmeeks
                                        last edited by Apr 12, 2016, 12:12 PM

                                        To totally remove Snort and start with a clean slate, go to the GLOBAL SETTINGS tab and uncheck the box near the bottom for saving settings when uninstalling.  That will cause all traces of the Snort configuration to be removed when you uninstall the package.  So uncheck this box, save the change, then go to System > Packages and remove the Snort package.

                                        Now when you install the package again, it will be a total green-field install with no previous settings.  In other words, everything you had configured in the past will be wiped out in terms of the Snort configuration.

                                        Bill

                                        • A
                                          Abhishek
                                          last edited by Apr 12, 2016, 12:31 PM

                                          Thank you, now Snort is working perfectly :), thank you
