Snort mailing list archives
Re: Subscription Rule Download Fails
From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Mon, 6 Jul 2020 12:39:23 +0000
Hello Kim, 422 means the file doesn’t exist, your filename looks to be wrong. snortrules-snapshot-29160.tar.gz should be correct. Also, Suricata is not fully compatible with the Snort rules language, so your results may vary. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com | https://www.snort.org
On Jul 4, 2020, at 5:27 PM, Kim Premuda <kim () armsd com> wrote: pfSense 2.4.5 Suricata 5.0.2_3 Snort subscriber rules I purchased thee $399 rule subscription but seem to be having trouble getting the subscription rules to download. A month or so prior to the purchase, I was using the Snort GPLv2 Community rules which downloaded/updated with no problem...and still do, since I reverted back to them. For the subscription rules in Suricata, I enter the following: Snort Rules Filename: snort-rules-snapshot-29160.tar.gz Snort Oinkmaster Code: *************** Install Snort GPLv2 Community rules: disabled and save the changes. When I update the rules, I get the following log message: Downloading Snort VRT rules md5 file... Snort VRT rules md5 download failed. Server returned error code 422. Server error message was: Snort VRT rules will not be updated. Things that I tried to get the download to work (from various Internet searches): Disabled all rules except for the Snort subscription rules. Removed pfBlockerNG (I wasn't using it). Regenerated the Oinkmaster code. Restarted Suricata services. Rebooted pfSense. I am technically competent, however, pfSense, Suricata, and Snort rules are relatively new to me (about 2 months experience). So, I am reaching out for help, because I am not understanding why the download fails. Thank you in advance for any assistance you may provide. Kim Premuda _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org <mailto:Snort-sigs () lists snort org> https://lists.snort.org/mailman/listinfo/snort-sigs <https://lists.snort.org/mailman/listinfo/snort-sigs> Please visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette <https://snort.org/faq/what-is-the-mailing-list-etiquette> Visit the Snort.org <http://snort.org/> to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads <https://snort.org/downloads/#rule-downloads>">emerging threats</a>!
Attachment:
smime.p7s
Description:
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Subscription Rule Download Fails Kim Premuda (Jul 05)
- Re: Subscription Rule Download Fails Joel Esler (jesler) via Snort-sigs (Jul 06)
- Re: Subscription Rule Download Fails Kim Premuda (Jul 06)
- Re: Subscription Rule Download Fails Joel Esler (jesler) via Snort-sigs (Jul 06)