
Comments (23)

pevma avatar pevma commented on June 13, 2024

This is similar to - #27

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

Would be great to have this option in future releases

from scirius.

regit avatar regit commented on June 13, 2024

Closing as it is a duplicate.

from scirius.

regit avatar regit commented on June 13, 2024

I've reread this issue and it is not a duplicate. I've also checked the structure of the ruleset and it is not really a duplicate on this side.

from scirius.

regit avatar regit commented on June 13, 2024

I have just pushed a few commits improving error reporting. In your case, it is probable that you get an error from the server but it was not displayed correctly. With the new version you should see an explicit message.

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

OK! How do I actually upgrade scirius without needing to reload all the sources? Where does it store them?

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

I've recloned master quickly and tried it again…
[screenshot]

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

I've tried it again (after discovering this issue: #43)
And got this:
[screenshot]
May this be because the Oink-code should be provided through a pipe? At least this way it works in pulledpork…

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

Also tried to update this rule and got:
Can not fetch data: No connection adapters were found for 'rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|44116283d5bb170b010082666768b91083bfdb02'

from scirius.

regit avatar regit commented on June 13, 2024

You have prefixed with rule_url so it can not work. I have done the test removing it and I've got a 404 instead.
From https://www.snort.org/oinkcodes you should use the following syntax:

https://www.snort.org/rules/<file_name>?oinkcode=<oinkcode>

from scirius.
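The two mistakes in this exchange (a form-field name pasted into the URL, and pulledpork's `url|file|oinkcode` notation, which is not a URL) are easy to catch before the download is attempted. The following is an added example, not scirius code: it builds the URL form quoted from snort.org/oinkcodes, checks a candidate source URL for those mistakes (a missing http(s) scheme is what makes the HTTP client report "No connection adapters were found"), and redacts the oinkcode, which is a credential, before the URL is logged. The file name and oinkcode values in the usage are constructed placeholders.

```python
"""Validate and safely log a Snort VRT rules source URL (added example, not scirius code)."""
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Syntax given on https://www.snort.org/oinkcodes:
#   https://www.snort.org/rules/<file_name>?oinkcode=<oinkcode>
SNORT_RULES_BASE = "https://www.snort.org/rules/"


def build_snort_rules_url(file_name, oinkcode):
    """Return the snort.org download URL for file_name, oinkcode as a query parameter."""
    return SNORT_RULES_BASE + quote(file_name) + "?" + urlencode({"oinkcode": oinkcode})


def check_source_url(url):
    """Return a list of problems with a candidate source URL (empty when it is usable)."""
    problems = []
    if url.startswith("rule_url="):
        problems.append("the form field name 'rule_url=' is part of the URL")
        url = url[len("rule_url="):]
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        # Without a scheme the HTTP client has no adapter to hand the request to.
        problems.append("missing http(s) scheme, so the HTTP client cannot pick an adapter")
    if "|" in parts.path:
        problems.append("pulledpork-style 'url|file|oinkcode' notation is not a URL")
    if parts.netloc == "www.snort.org" and "oinkcode" not in dict(parse_qsl(parts.query)):
        problems.append("no oinkcode query parameter (snort.org refused the download with a 404 in the thread)")
    return problems


def redact_oinkcode(url):
    """Replace the oinkcode value so the URL can appear in a log line or error message."""
    parts = urlsplit(url)
    query = [(key, "REDACTED" if key == "oinkcode" else value)
             for key, value in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed sample values; the oinkcode is a placeholder, not a real one.
    good = build_snort_rules_url("snortrules-snapshot.tar.gz", "0123abcd")
    bad = "rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|0123abcd"
    print("good:", redact_oinkcode(good), check_source_url(good))
    print("bad: ", redact_oinkcode(bad), check_source_url(bad))
```

Run the checker on the source URL before storing it; any non-empty result is the explicit message the user should see, and the redacted form is the only one that belongs in the error text or the console log.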

drew1kun avatar drew1kun commented on June 13, 2024

Gotcha! Will try it after #43 being fixed…

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

So it adds rules, but any time I'm adding a new source I get this:
[three screenshots]

from scirius.

regit avatar regit commented on June 13, 2024

Ok, it may be linked with the git-sources directory not being clean. Could you remove the dirs in it and reset the app (remove sources or do a full reset)?

from scirius.

regit avatar regit commented on June 13, 2024

By the way, @Drewshg312 please do a git pull before running next tests.

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

rm -rf git-sources && git pull and restarting the server did not solve the problem - still the same issues

from scirius.

regit avatar regit commented on June 13, 2024

Do you have any log on the console side? Is the suricata binary in the path? The second message "Error during source update" (it should be "source testing") could be explained by that.

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

That's what I've got for Community rules:
[screenshot]

Then I pressed the yellow button and…
[screenshot]

shell log:

Quit the server with CONTROL-C.
/usr/local/lib/python2.7/site-packages/django_tables2/tables.py:178: RemovedInDjango19Warning:     SortedDict is deprecated and will be removed in Django 1.9.
  extra = SortedDict()

[07/Aug/2015 06:06:48]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:06:48]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:06:48]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:06:48]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:06:50]"POST /rules/source/add HTTP/1.1" 200 18303
[07/Aug/2015 06:06:50]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:06:50]"GET /rules/es?query=dashboards HTTP/1.1" 200 2
[07/Aug/2015 06:06:50]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:06:50]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:06:50]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:06:53]"GET /rules/source/8/update HTTP/1.1" 200 16
[07/Aug/2015 06:06:53]"GET /rules/source/8/test HTTP/1.1" 200 302
[07/Aug/2015 06:07:20]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:07:20]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:07:20]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:07:20]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:07:50]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:07:50]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:07:50]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:07:50]"GET /rules/info?query=disk HTTP/1.1" 200 47
/usr/local/lib/python2.7/site-packages/django/utils/datastructures.py:154: RemovedInDjango19Warning: SortedDict is deprecated and will be removed in Django 1.9.
  for key, value in self.items()])

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

This is for VRT:

[screenshot]

Log:

Quit the server with CONTROL-C.
/usr/local/lib/python2.7/site-packages/django_tables2/tables.py:178: RemovedInDjango19Warning: SortedDict is deprecated and will be removed in Django 1.9.
  extra = SortedDict()

[07/Aug/2015 06:22:14]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:22:14]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:22:14]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:22:14]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:22:21]"POST /rules/source/add HTTP/1.1" 200 18288
[07/Aug/2015 06:22:21]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:22:21]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:22:21]"GET /rules/es?query=dashboards HTTP/1.1" 200 2
[07/Aug/2015 06:22:21]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:22:21]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:22:51]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:22:51]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:22:51]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:22:51]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:23:28]"GET /rules/es?query=health HTTP/1.1" 500 15089
[07/Aug/2015 06:23:28]"GET /rules/info?query=status HTTP/1.1" 500 15097
[07/Aug/2015 06:23:28]"GET /rules/info?query=memory HTTP/1.1" 500 15097
[07/Aug/2015 06:23:28]"GET /rules/info?query=disk HTTP/1.1" 500 15091
[07/Aug/2015 06:23:45]"GET /rules/source/9/update HTTP/1.1" 200 16
- Broken pipe from ('127.0.0.1', 62747)
[07/Aug/2015 06:23:58]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:23:58]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:23:58]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:23:58]"GET /rules/info?query=disk HTTP/1.1" 200 47

from scirius.

regit avatar regit commented on June 13, 2024

So community is OK. Some of the snort rules are not correct, so errors are not a surprise.
On the VRT side, how long does it take you to download them? You may exceed the defined timeout.

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

Yeah, takes a few minutes

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

Actually when I create "Suricata" and select all (update, build,push) options, and the output file is set to my suricata rules folder (/usr/local/etc/suricata/rules) it creates not only a scirius.rules file but also another rules folder inside the /usr/local/etc/suricata/rules so like this:

/usr/local/etc/suricata/rules/rules/
/usr/local/etc/suricata/rules/scirius.rules

Is it normal?

from scirius.

drew1kun avatar drew1kun commented on June 13, 2024

And what is "push" supposed to do? Restart the daemon? Should it somehow interact with suricata through the unix socket? Or just do something like
launchctl unload suricata.daemon.plist && launchctl unload suricata.daemon.plist?

from scirius.

regit avatar regit commented on June 13, 2024

Yes and no: scirius is not supposed to run as root, so it can not restart a service. For that it is using a 'command' file to warn the suri_reloader script that a restart is needed.
In that script you can either use a signal (to trigger a reload of rules) or do a system restart. For now only 'service suricata restart' is run. So you may need to tune/patch this script for Mac OS X.

from scirius.
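The mechanism just described is a small privilege separation: the unprivileged web application writes a request into a command file, and a privileged helper decides what to do with it. The example below is added here and is not scirius's suri_reloader; the command file and pid file paths, the poll interval and the one-word request vocabulary ("reload", "restart") are assumptions for the example. It shows the point a practitioner cares about in such a helper: the file is writable by a less privileged process, so the helper honours only an allow-list of requests, never hands the file's content to a shell, and consumes the file before acting so a slow restart is not executed twice. Suricata performs a live rule reload on SIGUSR2; the restart branch runs the 'service suricata restart' command named in the comment above and is the place to substitute a launchctl invocation on Mac OS X.

```python
"""Privilege-separated reloader helper (added example; paths and vocabulary are assumptions)."""
import os
import signal
import subprocess
import time

COMMAND_FILE = "/var/run/scirius/command"        # assumed location of the command file
SURICATA_PID_FILE = "/var/run/suricata.pid"      # assumed location of Suricata's pid file
RESTART_CMD = ["service", "suricata", "restart"]  # what the thread says is run today


def read_command(path):
    """Return the pending request, or None, consuming the command file.

    The file is removed before the request is acted on, so a restart that takes
    a while cannot be picked up a second time on the next poll.
    """
    try:
        with open(path) as fh:
            request = fh.read().strip()
    except FileNotFoundError:
        return None
    os.remove(path)
    return request


def plan(request):
    """Map a request to a fixed action; anything not on the allow-list is ignored.

    The file is written by the unprivileged application, so its content is
    untrusted input: it selects one of two fixed actions and is never executed.
    """
    if request == "reload":
        return ("signal", signal.SIGUSR2)  # Suricata re-reads its rule files on SIGUSR2
    if request == "restart":
        return ("exec", RESTART_CMD)
    return ("ignore", request)


def execute(action, pid_file=SURICATA_PID_FILE, kill=os.kill, run=subprocess.run):
    """Carry out a planned action; kill and run are injectable so the logic is testable."""
    kind, payload = action
    if kind == "signal":
        with open(pid_file) as fh:
            pid = int(fh.read().strip())
        kill(pid, payload)
        return "signalled %d with %s" % (pid, payload.name)
    if kind == "exec":
        run(payload, check=True)  # argv list, no shell involved
        return "ran " + " ".join(payload)
    return "ignored request %r" % payload


def main(poll_seconds=5):
    """Poll the command file and act on each request (runs as the privileged helper)."""
    while True:
        request = read_command(COMMAND_FILE)
        if request is not None:
            print(execute(plan(request)))
        time.sleep(poll_seconds)


if __name__ == "__main__":
    main()
```

Run it as the user allowed to signal or restart Suricata, with the command file in a directory the web application can write to; the web application never needs more than write access to that one file.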
