Topic: Snort not updating OpenAppID detectors in addition to VRT Rules and Emerging Thr

renolatino

Hi again,

Thanks in advance for the help. I have lost another IPS ruleset; this time it's OpenAppID that is not updating. This is in addition to VRT Rules and Emerging Threats.

This happens even when I select the Force Updates button.

I am getting the following in the logs:

Starting rules update...  Time: 2017-02-17 10:30:56
   Downloading Snort VRT rules md5 file snortrules-snapshot-2983.tar.gz.md5...
   Snort VRT rules md5 download failed.
   Server returned error code 429.
   Server error message was:
   Snort VRT rules will not be updated.
   Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
   Snort OpenAppID detectors md5 download failed.
   Server returned error code 429.
   Server error message was:
   Snort OpenAppID detectors will not be updated.
   Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5...
   Checking Snort OpenAppID RULES detectors md5 file...
   There is a new set of Snort OpenAppID RULES detectors posted.
   Downloading file 'appid_rules.tar.gz'...
   Done downloading rules file.
   Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
   Checking Snort GPLv2 Community Rules md5 file...
   There is a new set of Snort GPLv2 Community Rules posted.
   Downloading file 'community-rules.tar.gz'...
   Done downloading rules file.
   Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
   Checking Emerging Threats Open rules md5 file...
   There is a new set of Emerging Threats Open rules posted.
   Downloading file 'emerging.rules.tar.gz'...
   Done downloading rules file.
   Emerging Threats Open rules file download failed.  Bad MD5 checksum.
   Downloaded Emerging Threats Open rules file MD5: e22067e6350bcfb96ebbd47559dc9774
   Expected Emerging Threats Open rules file MD5: 741206baaeff2b2e054498588d0c4497
   Emerging Threats Open rules file download failed.  Emerging Threats Open rules will not be updated.
   Extracting and installing Snort OpenAppID detectors...
   Installation of Snort OpenAppID detectors completed.
   Extracting and installing Snort GPLv2 Community Rules...
   Installation of Snort GPLv2 Community Rules completed.
   Copying new config and map files...
   Updating rules configuration for: WAN ...
   Updating rules configuration for: LAN ...
   Restarting Snort to activate the new set of rules...
   Snort has restarted with your new set of rules.
The Rules update has finished.  Time: 2017-02-17 10:31:08

Any help or advice would be welcomed.

Thanks again.

doktornotor

Have you read the previous ~1356 threads about MD5 checksum mismatches?

HTTP 429 - server too busy. Stop hammering it, and wait a day or two until someone bothers to fix the checksums again. Yeah, nothing at all will happen meanwhile, it's not like the signatures would be updated every 5 minutes or it'd be the end of the world to not have the latest ones. Do NOT hammer the server 20 times per hour. That won't fix it. Broken checksums and server too busy are not pfSense package issues.
Do NOT PM for help!
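
An added example, not part of the thread or of the pfSense Snort package: a small Python parser that sorts the failures in an update log like the one posted above into md5 downloads refused with HTTP 429 and archives rejected for a bad MD5 checksum, so the cause is visible before anyone reaches for another forced update. The function name `triage`, the status labels and the regular expressions are assumptions based only on the line formats visible in that log.

```python
import re

# Line formats are inferred from the update log quoted in the thread (assumption).
MD5_DL_FAILED = re.compile(r"^(?P<name>.+?) md5 download failed\.$")
HTTP_CODE = re.compile(r"^Server returned error code (?P<code>\d+)\.$")
BAD_SUM = re.compile(r"^(?P<name>.+?) file download failed\.\s+Bad MD5 checksum\.$")
HASH = re.compile(
    r"^(?P<kind>Downloaded|Expected) (?P<name>.+?) file MD5: (?P<md5>[0-9a-f]{32})$")
INSTALLED = re.compile(r"^Installation of (?P<name>.+?) completed\.$")

# Abridged from the log posted above.
SAMPLE_LOG = """\
Starting rules update...  Time: 2017-02-17 10:30:56
   Downloading Snort VRT rules md5 file snortrules-snapshot-2983.tar.gz.md5...
   Snort VRT rules md5 download failed.
   Server returned error code 429.
   Snort VRT rules will not be updated.
   Done downloading rules file.
   Emerging Threats Open rules file download failed.  Bad MD5 checksum.
   Downloaded Emerging Threats Open rules file MD5: e22067e6350bcfb96ebbd47559dc9774
   Expected Emerging Threats Open rules file MD5: 741206baaeff2b2e054498588d0c4497
   Installation of Snort GPLv2 Community Rules completed.
"""

def triage(log_text):
    """Return {ruleset: {"status": ..., extra fields}} for rulesets named in the log."""
    results = {}
    last_failed = None  # ruleset whose md5 download failed on the previous lines
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := MD5_DL_FAILED.match(line):
            last_failed = m["name"]
            results[last_failed] = {"status": "md5_download_failed"}
        elif (m := HTTP_CODE.match(line)) and last_failed:
            results[last_failed]["http_code"] = int(m["code"])
            if m["code"] == "429":
                results[last_failed]["status"] = "rate_limited"
            last_failed = None
        elif m := BAD_SUM.match(line):
            results[m["name"]] = {"status": "checksum_mismatch"}
        elif m := HASH.match(line):
            # Keep both digests so the mismatch can be reported verbatim.
            results.setdefault(m["name"], {})[m["kind"].lower()] = m["md5"]
        elif m := INSTALLED.match(line):
            # setdefault: a recorded failure is never overwritten by a later success line.
            results.setdefault(m["name"], {"status": "installed"})
    return results
```

Both failure classes originate on the server side, so a scheduled job using this kind of triage should log the result and wait for the next regular update interval rather than retry.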