hello
i updated opnsense and saw the snort compatible rules appear, i setup the plugin but i cannot install the rules which is appear in Downloads tab in intrusion system.
what can i do?
i saw a path this file:
snortrules-snapshot-2990.tar.gz
what is it?
It's a mock default value, you need the proper one and oink code anyway:
https://github.com/opnsense/plugins/blob/master/security/intrusion-detection-content-snort-vrt/src/opnsense/scripts/suricata/metadata/rules/snort-vrt.xml#L126
You find the settings underneath the download tab underneath the rules:
snort_vrt.oinkcode
snort_vrt.rulesfile
As described in https://www.snort.org/oinkcodes
Cheers,
Franco
i set the oinkcode and try to download but nothing downloaded
thanks, it's goes to download after some seconds.
Where do I find the snort-vrt.xml file actually to paste the Oinkcode?
I did not find it under /usr/local/opnsense/scripts/suricata/metadata/rules .
Services: Intrusion Detection: Administration: Tab "Download" at the bottom:
snort_vrt.oinkcode
snort_vrt.rulesfile
Cheers,
Franco
PS: Don't forget to install the os-intrusion-detection-content-snort-vrt plugin....
Ah, ok, I did not know this plugin yet (came from pfsense where it does not exist).
Works now.
Thanks a lot.
Ah great, no problem :)