Snort mailing list archives

Re: Snort Rules


From: Georgi Sinapov <bofh () bofh bg>
Date: Mon, 22 May 2017 17:53:30 +0200

Just for the sake of completeness... pfSense + snort, no issues updating,
but recently snort has started stopping on interface after rules update..
Starting rules update... Time: 2017-05-21 00:05:00
Downloading Snort VRT rules md5 file snortrules-snapshot-2983.tar.gz.md5...
Checking Snort VRT rules md5 file...
Snort VRT rules are up to date.
Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
Checking Snort OpenAppID detectors md5 file...
Snort OpenAppID detectors are up to date.
Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5...
Checking Snort OpenAppID RULES detectors md5 file...
There is a new set of Snort OpenAppID RULES detectors posted.
Downloading file 'appid_rules.tar.gz'...
Done downloading rules file.
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
Checking Snort GPLv2 Community Rules md5 file...
Snort GPLv2 Community Rules are up to date.
Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
Checking Emerging Threats Open rules md5 file...
There is a new set of Emerging Threats Open rules posted.
Downloading file 'emerging.rules.tar.gz'...
Done downloading rules file.
Extracting and installing Snort OpenAppID detectors...
Installation of Snort OpenAppID detectors completed.
Extracting and installing Emerging Threats Open rules...
Installation of Emerging Threats Open rules completed.
Copying new config and map files...
Updating rules configuration for: XYZ ...
The Rules update has finished. Time: 2017-05-21 00:07:02


Starting rules update... Time: 2017-05-22 00:05:00
Downloading Snort VRT rules md5 file snortrules-snapshot-2983.tar.gz.md5...
Checking Snort VRT rules md5 file...
Snort VRT rules are up to date.
Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
Checking Snort OpenAppID detectors md5 file...
Snort OpenAppID detectors are up to date.
Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5...
Checking Snort OpenAppID RULES detectors md5 file...
There is a new set of Snort OpenAppID RULES detectors posted.
Downloading file 'appid_rules.tar.gz'...
Done downloading rules file.
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
Checking Snort GPLv2 Community Rules md5 file...
Snort GPLv2 Community Rules are up to date.
Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
Checking Emerging Threats Open rules md5 file...
Emerging Threats Open rules are up to date.
Extracting and installing Snort OpenAppID detectors...
Installation of Snort OpenAppID detectors completed.
The Rules update has finished. Time: 2017-05-22 00:05:38
No rules config update for the interface, though....
Best e-gards,
Georgi Sinapov


----- Quote from Joel Esler (jesler) (jesler () cisco com), on
22.05.2017 at 15:34 -----
I have received this complaint from about 4 people from the last week. All
from pfsense users. Nothing has changed on our side, and since all the
complaints are from pfsense users, I’m starting to draw a correlation to
where the problem may lie.
--
Joel Esler | Talos: Manager | jesler () cisco com


On May 22, 2017, at 3:48 AM, Bradley Edwards wrote:
Hi,
I have a few issues with Snort Rules Updates.
I have a subscription, but cannot update rules.
Log shows Snort VRT rules md5 download failed.
Server returned error code 0
Same for OpenAppid and Snort GPLv2 community rules.
Latest version of pfsense and snort.
This is a new install with pfBlockerNG the only package running. Snort is
disabled as it was blocking everything.
Kind regards,
Brad

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
