Snort VRT ruleset installation timeout, [Errno 32] Broken pipe

Started by opnswe, January 31, 2022, 09:46:02 PM

Just moved from pfSense to OPNsense (very impressed so far!) with a fresh install on 21.7.7 (upgraded to 21.7.8). Hardware is a Dell R210 II 4c/8t Xeon with 16GB RAM and a ZFS-mirrored SSD.

Installed the os-intrusion-detection-content-snort-vrt plugin for Snort (which I have a subscription for).

When running the update, SOME of the Snort rules get downloaded and installed, but not all.

This is due to what seems to be a timeout of 120 seconds.

In configd_20220131.log:
Jan 31 21:31:27 firewall configd.py[13491]: [77e062a7-f633-4a17-ac8f-2458ed4afcb3] generate template OPNsense/IDS
Jan 31 21:31:27 firewall configd.py[13491]: generate template container OPNsense/IDS
Jan 31 21:31:28 firewall configd.py[13491]:  OPNsense/IDS generated //usr/local/etc/suricata/rules/OPNsense.rules
Jan 31 21:31:28 firewall configd.py[13491]:  OPNsense/IDS generated //usr/local/etc/suricata/classification.config
Jan 31 21:31:28 firewall configd.py[13491]:  OPNsense/IDS generated //usr/local/etc/suricata/custom.yaml
Jan 31 21:31:28 firewall configd.py[13491]:  OPNsense/IDS generated //etc/newsyslog.conf.d/suricata
Jan 31 21:31:28 firewall configd.py[13491]:  OPNsense/IDS generated //etc/rc.conf.d/suricata
Jan 31 21:31:28 firewall configd.py[13491]:  OPNsense/IDS generated //usr/local/etc/suricata/reference.config
Jan 31 21:31:28 firewall configd.py[13491]:  OPNsense/IDS generated //usr/local/etc/suricata/rule-updater.config
Jan 31 21:31:28 firewall configd.py[13491]:  OPNsense/IDS generated //usr/local/etc/suricata/rule-policies.config
Jan 31 21:31:28 firewall configd.py[13491]:  OPNsense/IDS generated //usr/local/etc/suricata/rules.config
Jan 31 21:31:28 firewall configd.py[13491]:  OPNsense/IDS generated //usr/local/etc/suricata/suricata.yaml
Jan 31 21:31:28 firewall configd.py[13491]: [9507b6b4-4d79-4488-a778-b6f3e245da0a] update and reload intrusion detection rules
Jan 31 21:33:30 firewall configd.py[62760]: Timeout (120) executing : ids update
Jan 31 21:33:30 firewall configd.py[13491]: [36a2fa56-4111-4cb9-ab77-4e215c76ef9a] request installable rules
Jan 31 21:33:31 firewall configd.py[13491]: [08d65156-6bf7-465b-8c42-fa919c16019d] request suricata rule metadata
Jan 31 21:37:42 firewall configd.py[13491]: unable to sendback response [OK ] for [ids][update][None] {9507b6b4-4d79-4488-a778-b6f3e245da0a}, message was Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run     self.connection.sendall(('%s\n' % result).encode()) BrokenPipeError: [Errno 32] Broken pipe




Looking in the system log, the download of the Snort rules looks OK:
Jan 31 21:34:28 firewall /rule-updater.py[51351]: download completed for https://www.snort.org/rules/snortrules-snapshot-29151.tar.gz?oinkcode=xxx

Anyone have an idea? Am I doing something wrong?
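
Added example, not part of the original post and not OPNsense code: a small Python script that correlates the configd lines quoted above by request UUID, showing how long the caller waited before the "Timeout (120)" line and how long the backend action ran before its response could not be delivered. The function name, field names and the year argument are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Constructed sample: lines taken from the configd log quoted in the post,
# with the leading "Jan" restored on the last line and the traceback shortened.
SAMPLE_LOG = """\
Jan 31 21:31:28 firewall configd.py[13491]: [9507b6b4-4d79-4488-a778-b6f3e245da0a] update and reload intrusion detection rules
Jan 31 21:33:30 firewall configd.py[62760]: Timeout (120) executing : ids update
Jan 31 21:33:30 firewall configd.py[13491]: [36a2fa56-4111-4cb9-ab77-4e215c76ef9a] request installable rules
Jan 31 21:37:42 firewall configd.py[13491]: unable to sendback response [OK ] for [ids][update][None] {9507b6b4-4d79-4488-a778-b6f3e245da0a}, message was Traceback (most recent call last): BrokenPipeError: [Errno 32] Broken pipe
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ configd\.py\[\d+\]: +(.*)$")
START = re.compile(r"^\[([0-9a-f-]{36})\] (.+)$")
TIMEOUT = re.compile(r"^Timeout \((\d+)\) executing : (.+)$")
SENDBACK = re.compile(
    r"^unable to sendback response \[(.*?)\] for \[(\w+)\]\[(\w+)\]\[\w+\] \{([0-9a-f-]{36})\}")


def correlate(log_text, year=2022):
    """Pair each undeliverable configd response with its start and the caller's timeout."""
    started, timeouts, findings = {}, [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year; it is supplied by the caller (assumption)
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if s := START.match(msg):
            started[s.group(1)] = when
        elif t := TIMEOUT.match(msg):
            timeouts.append((when, int(t.group(1)), t.group(2)))
        elif (b := SENDBACK.match(msg)) and b.group(4) in started:
            status, module, action, uuid = b.groups()
            begin = started[uuid]
            # first timeout for "<module> <action>" logged while this request was running
            hit = next((x for x in timeouts
                        if x[2] == f"{module} {action}" and begin <= x[0] <= when), None)
            findings.append({
                "uuid": uuid, "command": f"{module} {action}", "status": status.strip(),
                "timeout_limit_s": hit[1] if hit else None,
                "caller_gave_up_after_s": int((hit[0] - begin).total_seconds()) if hit else None,
                "backend_ran_s": int((when - begin).total_seconds()),
            })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f)
```

On the quoted lines this reports a single finding for the "ids update" request: the caller stopped waiting 122 seconds after the start, while the backend logged its [OK ] response 374 seconds after the start.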