Topic: Unable to Update SNORT Rules

Wroxc
Unable to Update SNORT Rules
« on: January 24, 2018, 03:11:56 am »
Hi,
I have pfsense with below details.

2.3.4-RELEASE-p1 (i386)
built on Fri Jul 14 14:53:03 CDT 2017
FreeBSD 10.3-RELEASE-p19



I have a valid oinkmaster code and cannot update the rules. Getting below error.

Snort Version is 3.2.9.5_3

No ipblocker etc. is installed.

Quote
Starting rules update...  Time: 2018-01-23 17:05:00
   Downloading Snort VRT rules md5 file snortrules-snapshot-2990.tar.gz.md5...
   Checking Snort VRT rules md5 file...
   There is a new set of Snort VRT rules posted.
   Downloading file 'snortrules-snapshot-2990.tar.gz'...
   Done downloading rules file.
   Snort VRT rules file download failed.  Bad MD5 checksum.
   Downloaded Snort VRT rules file MD5: 92c1d9793523ce75d925e5bef8d31529
   Expected Snort VRT rules file MD5: 78c94ae8d2f4a1310c7307c82bd6991c
   Snort VRT rules file download failed.  Snort VRT rules will not be updated.
   Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
   Checking Emerging Threats Open rules md5 file...
   There is a new set of Emerging Threats Open rules posted.
   Downloading file 'emerging.rules.tar.gz'...
   Done downloading rules file.
   Emerging Threats Open rules file download failed.  Bad MD5 checksum.
   Downloaded Emerging Threats Open rules file MD5: d41d8cd98f00b204e9800998ecf8427e
   Expected Emerging Threats Open rules file MD5: 829c081845f1c81cdcce8e6ec6f99a5b
   Emerging Threats Open rules file download failed.  Emerging Threats Open rules will not be updated.
The Rules update has finished.  Time: 2018-01-23 17:11:25

Wroxc
Re: Unable to Update SNORT Rules
« Reply #1 on: January 24, 2018, 04:14:53 am »
OK seems like /tmp was full.

Resolved my issue by increasing the /tmp size to 300MB since I have plenty of RAM.

bmeeks
Re: Unable to Update SNORT Rules
« Reply #2 on: January 24, 2018, 08:45:20 am »
Quote
OK seems like /tmp was full.

Resolved my issue by increasing the /tmp size to 300MB since I have plenty of RAM.

Yep, Snort and RAM disks are not friends!  I don't recommend that configuration, but if you do, make sure you have at least 300 MB configured for /tmp and the same or more for /var if that is also a RAM disk.  Snort downloads and extracts rule updates into /tmp, and all the logs are on /var.

Bill
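
The log in the first post already points at the cause: the Emerging Threats "Downloaded" hash is the MD5 of zero bytes, meaning the file written to /tmp was empty. The following is an added example, not part of the thread or of the pfSense Snort package; it reads the "Downloaded"/"Expected" lines and separates an empty file from a non-empty mismatch. The names `classify` and `free_mb` are hypothetical helpers, and the sample lines are copied from the log above.

```python
import hashlib
import re
import shutil

# MD5 of zero bytes of input: a "Downloaded" hash equal to this means the
# file on disk was empty, i.e. nothing was written.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

# Log lines copied from the update log posted in this thread.
SAMPLE_LOG = """\
   Downloaded Snort VRT rules file MD5: 92c1d9793523ce75d925e5bef8d31529
   Expected Snort VRT rules file MD5: 78c94ae8d2f4a1310c7307c82bd6991c
   Downloaded Emerging Threats Open rules file MD5: d41d8cd98f00b204e9800998ecf8427e
   Expected Emerging Threats Open rules file MD5: 829c081845f1c81cdcce8e6ec6f99a5b
"""

LINE_RE = re.compile(
    r"^\s*(Downloaded|Expected) (.+?) rules file MD5: ([0-9a-f]{32})\s*$")


def classify(log_text):
    """Return {ruleset: verdict} for each ruleset with both hashes logged."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            kind, ruleset, digest = m.groups()
            seen.setdefault(ruleset, {})[kind] = digest
    verdicts = {}
    for ruleset, h in seen.items():
        if "Downloaded" not in h or "Expected" not in h:
            continue  # incomplete pair, nothing to compare
        if h["Downloaded"] == h["Expected"]:
            verdicts[ruleset] = "ok"
        elif h["Downloaded"] == EMPTY_MD5:
            verdicts[ruleset] = "empty file"  # zero bytes landed on disk
        else:
            verdicts[ruleset] = "content mismatch"  # non-empty, wrong content
    return verdicts


def free_mb(path):
    """Free space on the filesystem holding `path`, in whole MiB."""
    return shutil.disk_usage(path).free // (1024 * 1024)


if __name__ == "__main__":
    for ruleset, verdict in classify(SAMPLE_LOG).items():
        print(f"{ruleset}: {verdict}")
    # 300 MB is the /tmp size recommended in the reply above.
    print("/tmp free MiB:", free_mb("/tmp"), "(thread recommends 300 configured)")
```

An "empty file" verdict is a reason to look at free space in the download directory before suspecting the oinkmaster code or the network path.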