Snort mailing list archives

Re: Subscription Rule Download Fails


From: "Kim Premuda" <kim () armsd com>
Date: Mon, 6 Jul 2020 15:08:57 -0700

Hello, Joel.

 

I was looking for the definition of 422 and could not find one. So, thank you for that. And, you are correct… the 
filename I entered was wrong, having an extra hyphen. Lately, I have been doing a fair amount of coding in CSS .less, 
and, most likely, introduced the extra hyphen without realizing that I did it.

 

Someone else pointed out that Suricata and the Snort rule set do not mesh well. I have the option in pfSense to 
uninstall the Suricata service and install the Snort service.  I may experiment with both systems to see which one 
works best for us.

 

Thanks for your help!

 

Kim W. Premuda

 



619-596-9404 Office | 858-487-1400 Cell | kim () armsd com | www.armsd.com

 

 

From: Joel Esler (jesler) <jesler () cisco com> 
Sent: Monday, July 6, 2020 5:39 AM
To: Kim Premuda <kim () armsd com>
Cc: snort-sigs () lists snort org
Subject: Re: [Snort-sigs] Subscription Rule Download Fails

 

Hello Kim,

 

422 means the file doesn’t exist; your filename looks to be wrong. snortrules-snapshot-29160.tar.gz should be correct.

 

Also, Suricata is not fully compatible with the Snort rules language, so your results may vary.

 

 

-- 

Joel Esler

Manager, Communities Division

Cisco Talos Intelligence Group

http://www.talosintelligence.com | https://www.snort.org





On Jul 4, 2020, at 5:27 PM, Kim Premuda <kim () armsd com> wrote:

 

pfSense 2.4.5

Suricata 5.0.2_3

Snort subscriber rules

 

I purchased the $399 rule subscription but seem to be having trouble getting the subscription rules to download. A 
month or so prior to the purchase, I was using the Snort GPLv2 Community rules which downloaded/updated with no 
problem...and still do, since I reverted back to them. For the subscription rules in Suricata, I enter the following:

 

              Snort Rules Filename: snort-rules-snapshot-29160.tar.gz

              Snort Oinkmaster Code: ***************

              Install Snort GPLv2 Community rules: disabled

 

and save the changes. When I update the rules, I get the following log message:

 

Downloading Snort VRT rules md5 file...

              Snort VRT rules md5 download failed.

              Server returned error code 422.

              Server error message was: 

              Snort VRT rules will not be updated.

 

Things that I tried to get the download to work (from various Internet searches):

 

             Disabled all rules except for the Snort subscription rules.

             Removed pfBlockerNG (I wasn't using it).

             Regenerated the Oinkmaster code.

             Restarted Suricata services.

             Rebooted pfSense.

 

I am technically competent; however, pfSense, Suricata, and Snort rules are relatively new to me (about 2 months 
experience). So, I am reaching out for help, because I am not understanding why the download fails. Thank you in 
advance for any assistance you may provide.

 

 

Kim Premuda

 

 

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most 
emerging threats (https://snort.org/downloads/#rule-downloads)!

 
