Comments (23)
This is similar to - #27
from scirius.
Would be great to have this option in future releases
from scirius.
Closing as it is a duplicate.
from scirius.
I've reread this issue and it is not a duplicate. I've also checked the structure of ruleset and it is not really a duplicate on this side.
from scirius.
I have just pushed a few commits improving error reporting. In your case, it is probable that you get an error from the server but it was not displayed correctly. With the new version you should see an explicit message.
from scirius.
Ok! How do I actually upgrade scirius without needing to reload all the sources? Where does it store them?
from scirius.
I've recloned master quickly and tried it again…
from scirius.
I've tried it again (after discovering this issue: #43)
And got this:
Might this be because the Oink-code should be provided through a pipe? At least this way it works in pulledpork…
from scirius.
Also tried to update this rule and got:
Can not fetch data: No connection adapters were found for 'rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|44116283d5bb170b010082666768b91083bfdb02'
from scirius.
You have prefixed it with rule_url so it cannot work. I have done the test removing it and I've got a 404 instead.
From https://www.snort.org/oinkcodes you should use the following syntax:
https://www.snort.org/rules/<file_name>?oinkcode=<oinkcode>
from scirius.
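An added example, not part of the thread and not Scirius's own code: a pre-flight check that rejects a source URL carrying a stray prefix such as `rule_url=` before any fetch is attempted (the "No connection adapters were found" message is what the Python requests library reports for a URL with no recognised scheme), plus a helper that masks the oinkcode before a URL is logged or pasted into a bug report. The function names, the `REDACTED` marker and the pipe heuristic are assumptions; the sample oinkcode is constructed.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

ALLOWED_SCHEMES = {"http", "https"}
SECRET_PARAMS = {"oinkcode"}  # query keys treated as credentials (assumption)


class SourceURLError(ValueError):
    """The URL cannot be fetched as entered."""


def check_source_url(raw):
    """Return the stripped URL if it is fetchable over HTTP(S), else raise.

    Error text never echoes the input, which may embed an oinkcode.
    """
    url = raw.strip()
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        # "rule_url=https://..." lands here: "rule_url=https" is not a scheme.
        raise SourceURLError("URL must start with http:// or https://")
    if not parts.hostname:
        raise SourceURLError("URL has no host")
    if "|" in url:
        # Heuristic: pipe-separated fields are not the documented URL form.
        raise SourceURLError("use <file_name>?oinkcode=<oinkcode>, not '|' fields")
    return url


def redact(url):
    """Mask credential-bearing query values before logging a source URL."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


# Constructed samples: the oinkcode is a made-up placeholder value.
FAKE_CODE = "0" * 40
BAD = "rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|" + FAKE_CODE
GOOD = "https://www.snort.org/rules/snortrules-snapshot.tar.gz?oinkcode=" + FAKE_CODE

if __name__ == "__main__":
    print(redact(check_source_url(GOOD)))
```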
Gotcha! Will try it after #43 is fixed…
from scirius.
So it adds rules, but any time I add a new source I get this:
from scirius.
Ok, it may be linked with the git-sources directory not being clean. Could you remove the dir in it and reset the app (remove sources or do a full reset)?
from scirius.
By the way, @Drewshg312 please do a git pull before running next tests.
from scirius.
rm -rf git-sources && git pull
and restarting the server did not solve the problem - still the same issues
from scirius.
Do you have any log on the console side? Is the suricata binary in the path? The second message "Error during source update" (should be source testing) could be explained by that.
from scirius.
That's what I've got for Community rules:
Then I pressed the yellow button and…
shell log:
Quit the server with CONTROL-C.
/usr/local/lib/python2.7/site-packages/django_tables2/tables.py:178: RemovedInDjango19Warning: SortedDict is deprecated and will be removed in Django 1.9.
extra = SortedDict()
[07/Aug/2015 06:06:48]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:06:48]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:06:48]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:06:48]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:06:50]"POST /rules/source/add HTTP/1.1" 200 18303
[07/Aug/2015 06:06:50]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:06:50]"GET /rules/es?query=dashboards HTTP/1.1" 200 2
[07/Aug/2015 06:06:50]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:06:50]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:06:50]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:06:53]"GET /rules/source/8/update HTTP/1.1" 200 16
[07/Aug/2015 06:06:53]"GET /rules/source/8/test HTTP/1.1" 200 302
[07/Aug/2015 06:07:20]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:07:20]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:07:20]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:07:20]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:07:50]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:07:50]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:07:50]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:07:50]"GET /rules/info?query=disk HTTP/1.1" 200 47
/usr/local/lib/python2.7/site-packages/django/utils/datastructures.py:154: RemovedInDjango19Warning: SortedDict is deprecated and will be removed in Django 1.9.
for key, value in self.items()])
from scirius.
This is for VRT:
Log:
Quit the server with CONTROL-C.
/usr/local/lib/python2.7/site-packages/django_tables2/tables.py:178: RemovedInDjango19Warning: SortedDict is deprecated and will be removed in Django 1.9.
extra = SortedDict()
[07/Aug/2015 06:22:14]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:22:14]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:22:14]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:22:14]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:22:21]"POST /rules/source/add HTTP/1.1" 200 18288
[07/Aug/2015 06:22:21]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:22:21]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:22:21]"GET /rules/es?query=dashboards HTTP/1.1" 200 2
[07/Aug/2015 06:22:21]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:22:21]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:22:51]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:22:51]"GET /rules/info?query=disk HTTP/1.1" 200 47
[07/Aug/2015 06:22:51]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:22:51]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:23:28]"GET /rules/es?query=health HTTP/1.1" 500 15089
[07/Aug/2015 06:23:28]"GET /rules/info?query=status HTTP/1.1" 500 15097
[07/Aug/2015 06:23:28]"GET /rules/info?query=memory HTTP/1.1" 500 15097
[07/Aug/2015 06:23:28]"GET /rules/info?query=disk HTTP/1.1" 500 15091
[07/Aug/2015 06:23:45]"GET /rules/source/9/update HTTP/1.1" 200 16
- Broken pipe from ('127.0.0.1', 62747)
[07/Aug/2015 06:23:58]"GET /rules/es?query=health HTTP/1.1" 200 349
[07/Aug/2015 06:23:58]"GET /rules/info?query=status HTTP/1.1" 200 18
[07/Aug/2015 06:23:58]"GET /rules/info?query=memory HTTP/1.1" 200 94
[07/Aug/2015 06:23:58]"GET /rules/info?query=disk HTTP/1.1" 200 47
from scirius.
So community is OK. Some of the snort rules are not correct so errors are not a surprise.
On the VRT side, how long does it take you to download them? You may exceed the defined timeout.
from scirius.
Yeah, takes a few minutes
from scirius.
Actually, when I create "Suricata" and select all (update, build, push) options, and the output file is set to my suricata rules folder (/usr/local/etc/suricata/rules), it creates not only a scirius.rules file but also another rules folder inside /usr/local/etc/suricata/rules, like this:
/usr/local/etc/suricata/rules/rules/
/usr/local/etc/suricata/rules/scirius.rules
Is it normal?
from scirius.
And what is "push" supposed to do? Restart the daemon? Should it somehow interact with suricata through the unix socket? Or just do something like
launchctl unload suricata.daemon.plist && launchctl unload suricata.daemon.plist
?
from scirius.
Yes and no: scirius is not supposed to run as root so it cannot restart a service. For that it is using a 'command' file to warn the suri_reloader script that a restart is needed.
In that script you can either use a signal (to trigger a reload of rules) or do a system restart. For now only 'service suricata restart' is run. So you may need to tune/patch this script for MacOSX.
from scirius.
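An added sketch of the privilege split described above, not the project's suri_reloader script: the privileged side treats the file dropped by the unprivileged web app purely as a flag, checks who owns it, and picks the action itself. The flag path, the writer uid and the function names are hypothetical; the thread does not give the real file location or format.

```python
import os
import stat

# Per the thread, this is the only action the reloader runs today.
RESTART_ARGV = ["service", "suricata", "restart"]


def request_pending(flag_path, writer_uid):
    """True only for a regular file owned by the unprivileged web-app user."""
    try:
        st = os.lstat(flag_path)  # lstat: a planted symlink is never followed
    except FileNotFoundError:
        return False
    return stat.S_ISREG(st.st_mode) and st.st_uid == writer_uid


def next_action(flag_path, writer_uid, suricata_pid=None):
    """Consume the flag and return what the privileged side should do.

    The file is a flag only: its content is never read or executed, so the
    web app cannot choose the command that runs with elevated rights.
    """
    if not request_pending(flag_path, writer_uid):
        return None
    os.unlink(flag_path)
    if suricata_pid is not None:
        # Suricata reloads its rules on SIGUSR2 without a full restart.
        return ("signal", "SIGUSR2", suricata_pid)
    return ("run", RESTART_ARGV)
```

On a platform without `service`, only `RESTART_ARGV` on the privileged side needs to change; the web app's side of the handshake stays the same.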