[SOLVED] snort rules

[Rout3rx]

hello
i updated opnsense and saw the snort compatible rules appear, i setup the plugin but i cannot install the rules which is appear in Downloads tab in intrusion system.
what can i do?
i saw a path this file:
snortrules-snapshot-2990.tar.gz
what is it?

[franco]

It's a mock default value, you need the proper one and oink code anyway:

https://github.com/opnsense/plugins/blob/master/security/intrusion-detection-content-snort-vrt/src/opnsense/scripts/suricata/metadata/rules/snort-vrt.xml#L126

You find the settings underneath the download tab underneath the rules:

snort_vrt.oinkcode
snort_vrt.rulesfile

As described in https://www.snort.org/oinkcodes


Cheers,
Franco

[Rout3rx]

i set the oinkcode and try to download but nothing downloaded

[Rout3rx]

thanks, it's goes to download after some seconds.

[peter008]

Where do I find the snort-vrt.xml file actually to paste the Oinkcode?

I did not find it under /usr/local/opnsense/scripts/suricata/metadata/rules .

[franco]

Services: Intrusion Detection: Administration: Tab "Download" at the bottom:

snort_vrt.oinkcode   
snort_vrt.rulesfile


Cheers,
Franco

[franco]

PS: Don't forget to install the os-intrusion-detection-content-snort-vrt plugin....

[peter008]

Ah, ok, I did not know this plugin yet (came from pfsense where it does not exist).

Works now.

Thanks a lot.

[franco]

Ah great, no problem