Intrusion Detection and Prevention / Snort VRT ruleset installation timeout, [Errno 32] Broken pipe
« on: January 31, 2022, 09:46:02 pm »
Just moved from pfSense to OPNsense (very impressed so far!) with a fresh install on 21.7.7 (upgraded to 21.7.8). Hardware is a Dell R210 II 4c/8t Xeon with 16GB RAM and a ZFS-mirrored SSD.
Installed the os-intrusion-detection-content-snort-vrt plugin for Snort (which I have a subscription for).
When running the update, SOME of the SNORT rules get downloaded and installed, but not all.
This is due to what seems to be a timeout of 120 seconds.
In configd_20220131.log:
Code:
Jan 31 21:31:27 firewall configd.py[13491]: [77e062a7-f633-4a17-ac8f-2458ed4afcb3] generate template OPNsense/IDS
Jan 31 21:31:27 firewall configd.py[13491]: generate template container OPNsense/IDS
Jan 31 21:31:28 firewall configd.py[13491]: OPNsense/IDS generated //usr/local/etc/suricata/rules/OPNsense.rules
Jan 31 21:31:28 firewall configd.py[13491]: OPNsense/IDS generated //usr/local/etc/suricata/classification.config
Jan 31 21:31:28 firewall configd.py[13491]: OPNsense/IDS generated //usr/local/etc/suricata/custom.yaml
Jan 31 21:31:28 firewall configd.py[13491]: OPNsense/IDS generated //etc/newsyslog.conf.d/suricata
Jan 31 21:31:28 firewall configd.py[13491]: OPNsense/IDS generated //etc/rc.conf.d/suricata
Jan 31 21:31:28 firewall configd.py[13491]: OPNsense/IDS generated //usr/local/etc/suricata/reference.config
Jan 31 21:31:28 firewall configd.py[13491]: OPNsense/IDS generated //usr/local/etc/suricata/rule-updater.config
Jan 31 21:31:28 firewall configd.py[13491]: OPNsense/IDS generated //usr/local/etc/suricata/rule-policies.config
Jan 31 21:31:28 firewall configd.py[13491]: OPNsense/IDS generated //usr/local/etc/suricata/rules.config
Jan 31 21:31:28 firewall configd.py[13491]: OPNsense/IDS generated //usr/local/etc/suricata/suricata.yaml
Jan 31 21:31:28 firewall configd.py[13491]: [9507b6b4-4d79-4488-a778-b6f3e245da0a] update and reload intrusion detection rules
Jan 31 21:33:30 firewall configd.py[62760]: Timeout (120) executing : ids update
Jan 31 21:33:30 firewall configd.py[13491]: [36a2fa56-4111-4cb9-ab77-4e215c76ef9a] request installable rules
Jan 31 21:33:31 firewall configd.py[13491]: [08d65156-6bf7-465b-8c42-fa919c16019d] request suricata rule metadata
Jan 31 21:37:42 firewall configd.py[13491]: unable to sendback response [OK ] for [ids][update][None] {9507b6b4-4d79-4488-a778-b6f3e245da0a}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall(('%s\n' % result).encode()) BrokenPipeError: [Errno 32] Broken pipe
Looking in the system log, the download of the Snort rules looks OK:
Code:
Jan 31 21:34:28 firewall /rule-updater.py[51351]: download completed for https://www.snort.org/rules/snortrules-snapshot-29151.tar.gz?oinkcode=xxx
Anyone have an idea? Am I doing something wrong?
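An added example, not part of the original post and not OPNsense code: a small Python parser that pairs each configd request id with its later "unable to sendback response" line, to measure how long the action ran against the client timeout logged in between. The sample lines are abridged from the log above; the function names and the `year` default are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: three lines abridged from the configd log in the post above.
SAMPLE = """\
Jan 31 21:31:28 firewall configd.py[13491]: [9507b6b4-4d79-4488-a778-b6f3e245da0a] update and reload intrusion detection rules
Jan 31 21:33:30 firewall configd.py[62760]: Timeout (120) executing : ids update
Jan 31 21:37:42 firewall configd.py[13491]: unable to sendback response [OK ] for [ids][update][None] {9507b6b4-4d79-4488-a778-b6f3e245da0a}, message was Traceback (most recent call last): ... BrokenPipeError: [Errno 32] Broken pipe
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ configd\.py\[\d+\]: "
UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
START = re.compile(TS + r"\[(?P<id>" + UUID + r")\] (?P<desc>.+)")
TIMEOUT = re.compile(TS + r"Timeout \((?P<secs>\d+)\) executing : (?P<action>.+)")
SENDBACK = re.compile(TS + r"unable to sendback response \[(?P<status>[^\]]*)\] for "
                      r"(?P<action>(?:\[[^\]]*\])+) \{(?P<id>" + UUID + r")\}")

def _ts(text, year):
    # syslog timestamps carry no year; the caller supplies it (assumption)
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def analyze(log_text, year=2022):
    """Return one finding per request whose response could not be sent back."""
    started, timeouts, findings = {}, [], []
    for line in log_text.splitlines():
        if m := SENDBACK.match(line):
            begin = started.get(m["id"])
            if begin is None:
                continue  # start line not in this log; nothing to correlate
            end = _ts(m["ts"], year)
            # client timeouts that fired while this request was still running
            fired = [s for t, s in timeouts if begin[0] <= t <= end]
            findings.append({
                "id": m["id"], "description": begin[1],
                "status": m["status"].strip(),
                "ran_seconds": int((end - begin[0]).total_seconds()),
                "client_timeout": fired[0] if fired else None,
                "broken_pipe": "BrokenPipeError" in line,
            })
        elif m := TIMEOUT.match(line):
            timeouts.append((_ts(m["ts"], year), int(m["secs"])))
        elif m := START.match(line):
            started[m["id"]] = (_ts(m["ts"], year), m["desc"])
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

On the sample lines it reports the request with id 9507b6b4-… returning status OK 374 seconds after it started, with a 120-second timeout logged while it was still running.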