Re: Subscription Rule Download Fails

["Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>]

Hello Kim,

422 means the file doesn’t exist, your filename looks to be wrong.  snortrules-snapshot-29160.tar.gz should be correct.

Also, Suricata is not fully compatible with the Snort rules language, so your results may vary.


-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org

> On Jul 4, 2020, at 5:27 PM, Kim Premuda <kim () armsd com> wrote:
>
> pfSense 2.4.5
> Suricata 5.0.2_3
> Snort subscriber rules
>  
> I purchased thee $399 rule subscription but seem to be having trouble getting the subscription rules to download. A 
> month or so prior to the purchase, I was using the Snort GPLv2 Community rules which downloaded/updated with no 
> problem...and still do, since I reverted back to them. For the subscription rules in Suricata, I enter the following:
>  
>               Snort Rules Filename: snort-rules-snapshot-29160.tar.gz
>               Snort Oinkmaster Code: ***************
>               Install Snort GPLv2 Community rules: disabled
>  
> and save the changes. When I update the rules, I get the following log message:
>  
> Downloading Snort VRT rules md5 file...
>               Snort VRT rules md5 download failed.
>               Server returned error code 422.
>               Server error message was: 
>               Snort VRT rules will not be updated.
>  
> Things that I tried to get the download to work (from various Internet searches):
>  
>              Disabled all rules except for the Snort subscription rules.
>              Removed pfBlockerNG (I wasn't using it).
>              Regenerated the Oinkmaster code.
>              Restarted Suricata services.
>              Rebooted pfSense.
>  
> I am technically competent, however, pfSense, Suricata, and Snort rules are relatively new to me (about 2 months 
> experience). So, I am reaching out for help, because I am not understanding why the download fails. Thank you in 
> advance for any assistance you may provide.
>  
>  
> Kim Premuda
>  
>  
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists snort org <mailto:Snort-sigs () lists snort org>
> https://lists.snort.org/mailman/listinfo/snort-sigs <https://lists.snort.org/mailman/listinfo/snort-sigs>
>
> Please visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette 
> <https://snort.org/faq/what-is-the-mailing-list-etiquette>
>
> Visit the Snort.org <http://snort.org/> to subscribe to the official Snort ruleset, make sure to stay up to date to 
> catch the most <a href=" https://snort.org/downloads/#rule-downloads 
> <https://snort.org/downloads/#rule-downloads>">emerging threats</a>!

Attachment: smime.p7s
Description:

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!