Since I updated to Core 169, Emerging Threats rules are not updating.
When I force an update, I get an error at the top of the page:
emerging - No update required - The ruleset is up to date.
IPFire 2.27 (x86_64) - Core Update 169
Using rules: ET Community, Abuse.ch SSLBL Blacklist Rules
These are the only errors I see in the System Log - IPS:
[ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "dnp3" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.dnp3.detection-enabled
suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Request flood detected"; app-layer-event:dnp3.flooded; classtype:protocol-command-decode; sid:2270000; rev:2;)" from file /usr/share/suricata/rules/dnp3-events.rules at line 7
suricata: [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "dnp3" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.dnp3.detection-enabled
After I forced an update for the ET-Community, I got around 30000 errors in the system log.
Automatic or forced update for the Abuse.ch SSL list seems to work fine.
That may be because there has been no update since 2022-07-20 23:57:47 which is the last update status I have for my system. What date do you have for your last update?
Abuse.ch was last updated on 2022-07-21 14:48:19
My CU169 was done back on July 12th so Emerging Threats has certainly been updated since then.
I suspect that there is no update since 21st July because Emerging Threats have not issued one.
Working OK here.
I upgraded several systems to C169 last week and IPS rules have updated normally several times.
Using ET Community Rules. Latest update on all is 2022-07-21 15:31:36. There is more log noise from Suricata default protocol rules since C169 as mentioned elsewhere.
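
One way to separate the protocol-related log noise from rule errors that need attention, as an added example that is not part of any post in this thread. The sample log is constructed (the dnp3 lines follow the format quoted above, the tcp rule and `/tmp/example.rules` are made up), and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample: the dnp3 lines follow the format quoted in this thread;
# the last line (tcp rule, /tmp/example.rules) is made up for contrast.
SAMPLE_LOG = '''\
suricata: [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "dnp3" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled
suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Request flood detected"; app-layer-event:dnp3.flooded; sid:2270000; rev:2;)" from file /usr/share/suricata/rules/dnp3-events.rules at line 7
suricata: [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "dnp3" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled
suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any any (msg:"constructed broken rule"; sid:1;)" from file /tmp/example.rules at line 3
'''

ERR_RE = re.compile(r"\[ERRCODE: (SC_ERR_\w+)\((\d+)\)\] - (.*)")
UNKNOWN_PROTO_RE = re.compile(r'protocol "([^"]+)" cannot be used in a signature')
# Captures the rule's protocol field, the rule file and the line number.
BAD_SIG_RE = re.compile(
    r'error parsing signature "\w+ (\S+) .*" from file (\S+) at line (\d+)'
)


def triage(log_text):
    """Return (disabled protocols, rule files explained by them, other bad rules)."""
    disabled = Counter()
    bad_sigs = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if not m:
            continue
        code, _num, detail = m.groups()
        if code == "SC_ERR_UNKNOWN_PROTOCOL":
            p = UNKNOWN_PROTO_RE.search(detail)
            if p:
                disabled[p.group(1)] += 1
        elif code == "SC_ERR_INVALID_SIGNATURE":
            s = BAD_SIG_RE.search(detail)
            if s:
                bad_sigs.append((s.group(1), s.group(2), int(s.group(3))))
    # A rejected rule is "explained" when its protocol was reported as unusable.
    explained = Counter(f for proto, f, _ in bad_sigs if proto in disabled)
    unexplained = [b for b in bad_sigs if b[0] not in disabled]
    return disabled, explained, unexplained


if __name__ == "__main__":
    disabled, explained, unexplained = triage(SAMPLE_LOG)
    print("protocols without detection:", dict(disabled))
    print("rule files affected by those protocols:", dict(explained))
    print("rejected rules needing a closer look:", unexplained)
```
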