[Snort-users] Problem with snort VRT rules

Joel Esler (jesler) jesler at cisco.com
Fri Sep 1 17:14:23 EDT 2017


Error 422 means you are attempting to download a version of the ruleset that no longer exists.

Looks like your Snort version on your box is out of date.


--
Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>






On Sep 1, 2017, at 4:14 PM, PNR INFORMATIQUE <pnrinformatique at aerco-cg.com<mailto:pnrinformatique at aerco-cg.com>> wrote:

Hi everyone!

I need help (see message in yellow). I do not know how to solve the problem. Note that snort service is still down.

Snort Download packets starts here:

>>> Installing pfSense-pkg-snort...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
                pfSense-pkg-snort: 3.2.9.5 [pfSense]

Number of packages to be installed: 1
[1/1] Installing pfSense-pkg-snort-3.2.9.5...
[1/1] Extracting pfSense-pkg-snort-3.2.9.5: .......... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Saved settings detected.
Migrating settings to new configuration... done.
Downloading Snort VRT rules md5 file... FAILED!
Snort VRT rules md5 error ... Server returned error code 422 ...
Snort VRT rules will not be updated.
Server returned error code 422.
Downloading Snort OpenAppID detectors md5 file... done.
Checking Snort OpenAppID detectors md5 file... done.
There is a new set of Snort OpenAppID detectors posted.
Downloading snort-openappid.tar.gz... done.
Downloading Snort OpenAppID RULES detectors md5 file... done.
Checking Snort OpenAppID RULES detectors md5 file... done.
There is a new set of Snort OpenAppID RULES detectors posted.
Downloading appid_rules.tar.gz... done.
Downloading Snort GPLv2 Community Rules md5 file... done.
Checking Snort GPLv2 Community Rules md5 file... done.
There is a new set of Snort GPLv2 Community Rules posted.
Downloading community-rules.tar.gz... done.
Downloading Emerging Threats Open rules md5 file... done.
Checking Emerging Threats Open rules md5 file... done.
There is a new set of Emerging Threats Open rules posted.
Downloading emerging.rules.tar.gz... done.
Installing Snort OpenAppID detectors...Copying md5 signature to snort directory... done.
Installing Snort OpenAppID RULES detectors...Copying md5 signature to snort directory... done.
Installing Snort GPLv2 Community Rules... done.
Installing Emerging Threats Open rules...Copying md5 signature to snort directory... done.
Updating rules configuration for: LAN ... done.
Updating rules configuration for: WAN ... done.
Cleaning up temp dirs and files... done.
The Rules update has finished.
Generating snort.conf configuration file from saved settings.
Generating configuration for LAN...
done.
Generating configuration for WAN...
done.
Generating snort.sh script in /usr/local/etc/rc.d/... done.
Finished rebuilding Snort configuration files.
done.
Executing custom_php_resync_config_command()...

done.
Menu items... done.
Services... done.
Writing configuration... done.
Please visit Services - Snort - Interfaces tab first and select your desired rules. Afterwards visit the Updates tab to download your configured rulesets.Message from pfSense-pkg-snort-3.2.9.5:
Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.
>>> Cleaning up cache... done.
Success
_______________________________________________
Snort-users mailing list
Snort-users at lists.snort.org<mailto:Snort-users at lists.snort.org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170901/ea2a49c9/attachment.html>


More information about the Snort-users mailing list