![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: Subscription Rule Download Fails
From: "Kim Premuda" <kim () armsd com>
Date: Mon, 6 Jul 2020 15:08:57 -0700
Hello, Joel. I was looking for the definition of 422 and could not find one. So, thank you for that. And, you are correct…the filename I entered was wrong having an extra hyphen. Lately, I have been doing a fair amount of coding in CSS .less, and, most likely, introduced the extra hyphen without realizing that I did it. Someone else pointed out that Suricata and the Snort rule set do not mesh well. I have the option in pfSense to uninstall the Suricata service and install the Snort service. I may experiment with both systems to see which one works best for us. Thanks for your help! Kim W. Premuda *619-596-9404 Office 858-487-1400 Cell * <mailto:kim () armsd com> kim () armsd com * <http://www.armsd.com/> www.armsd.com From: Joel Esler (jesler) <jesler () cisco com> Sent: Monday, July 6, 2020 5:39 AM To: Kim Premuda <kim () armsd com> Cc: snort-sigs () lists snort org Subject: Re: [Snort-sigs] Subscription Rule Download Fails Hello Kim, 422 means the file doesn’t exist, your filename looks to be wrong. snortrules-snapshot-29160.tar.gz should be correct. Also, Suricata is not fully compatible with the Snort rules language, so your results may vary. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com | https://www.snort.org On Jul 4, 2020, at 5:27 PM, Kim Premuda <kim () armsd com <mailto:kim () armsd com> > wrote: pfSense 2.4.5 Suricata 5.0.2_3 Snort subscriber rules I purchased thee $399 rule subscription but seem to be having trouble getting the subscription rules to download. A month or so prior to the purchase, I was using the Snort GPLv2 Community rules which downloaded/updated with no problem...and still do, since I reverted back to them. For the subscription rules in Suricata, I enter the following: Snort Rules Filename: snort-rules-snapshot-29160.tar.gz Snort Oinkmaster Code: *************** Install Snort GPLv2 Community rules: disabled and save the changes. When I update the rules, I get the following log message: Downloading Snort VRT rules md5 file... Snort VRT rules md5 download failed. Server returned error code 422. Server error message was: Snort VRT rules will not be updated. Things that I tried to get the download to work (from various Internet searches): Disabled all rules except for the Snort subscription rules. Removed pfBlockerNG (I wasn't using it). Regenerated the Oinkmaster code. Restarted Suricata services. Rebooted pfSense. I am technically competent, however, pfSense, Suricata, and Snort rules are relatively new to me (about 2 months experience). So, I am reaching out for help, because I am not understanding why the download fails. Thank you in advance for any assistance you may provide. Kim Premuda _______________________________________________ Snort-sigs mailing list <mailto:Snort-sigs () lists snort org> Snort-sigs () lists snort org <https://lists.snort.org/mailman/listinfo/snort-sigs> https://lists.snort.org/mailman/listinfo/snort-sigs Please visit <http://blog.snort.org/> http://blog.snort.org for the latest news about Snort! Please follow these rules: <https://snort.org/faq/what-is-the-mailing-list-etiquette> https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the <http://snort.org/> Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" <https://snort.org/downloads/#rule-downloads> https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Subscription Rule Download Fails Kim Premuda (Jul 05)
- Re: Subscription Rule Download Fails Joel Esler (jesler) via Snort-sigs (Jul 06)
- Re: Subscription Rule Download Fails Kim Premuda (Jul 06)
- Re: Subscription Rule Download Fails Joel Esler (jesler) via Snort-sigs (Jul 06)