[Snort-users] rule download problem

JJC cummingsj at ...11827...
Tue Jun 29 11:37:25 EDT 2010


Parker,

I'll look into it.. of course I can't reproduce the issue.  Are you doing
any type of egress filtering / blocking of sites etc?

JJC

On Tue, Jun 29, 2010 at 9:35 AM, Crook, Parker <Parker_Crook at ...14786...> wrote:

> JJ,
>
> I’ve waited the morning out to see if this would clear up, but I’ve been
> ping-ponging back and forth between 501 and 403 errors when using the Pulled
> Pork svn to try and download the new rules.  Below is the verbose output…
> any words of advice here?
>
> snort-lab:/etc/snort/pulledpork# ./pulledpork.pl -c etc/pulledpork.conf -vv
>
>     http://code.google.com/p/pulledpork/
>       _____ ____
>      `----,\    )
>       `--==\\  /    Pulled_Pork v0.4.2
>        `--==\\/
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2010 JJ Cummings
>   @_/        /  66\_  cummingsj at ...11827...
>     |    \   \   _(")
>      \   /-| ||'--'  Rules give me wings!
>       \_\  \_\\
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Command Line Variable Debug:
>         Config Path is: etc/pulledpork.conf
>         Verbose Flag is Set
>         Extra Verbose Flag is Set
> Config File Variable Debug etc/pulledpork.conf
>         snort_path = /usr/local/bin/snort
>         pid_path = /var/run/snort_eth0.pid
>         rule_path = /etc/snort/rules/snort.rules
>         ignore = deleted,experimental,local
>         rule_file = snortrules-snapshot-2860.tar.gz
>         sid_changelog = /var/log/sid_changes.log
>         sid_msg = /etc/snort/sid-msg.map
>         config_path = /etc/snort/snort.conf
>         sostub_path = /etc/snort/rules/so_rules.rules
>         oinkcode = <oinkcode obfuscated>
>         temp_path = /tmp
>         distro = Debian-Lenny
>         base_url = http://www.snort.org/
>         sorule_path = /usr/local/lib/snort_dynamicrules/
>         version = 0.4.2
>         disablesid = /usr/local/etc/snort/disablesid.conf
>         local_rules = /etc/snort/rules/local.rules
> Checking latest MD5....
>         Fetching md5sum for: snortrules-snapshot-2860.tar.gz.md5
>         most recent rules file digest: b3cb777fac21999675e8cf5696865fa5
>         current local rules file  digest: 4a7877208481756881a66f7cadcff98b
>         The MD5 for snortrules-snapshot-2860.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
> Rules tarball download....
>         Fetching rules file: snortrules-snapshot-2860.tar.gz
>         Error 501 when fetching snortrules-snapshot-2860.tar.gz at ./pulledpork.pl line 262.
>
> -Parker
>  ------------------------------
>
> *From:* JJC [mailto:cummingsj at ...11827...]
> *Sent:* Tuesday, June 29, 2010 10:32 AM
> *To:* John York
> *Cc:* snort-users at lists.sourceforge.net
> *Subject:* Re: [Snort-users] rule download problem
>
> The rule download location has changed, you will want to get the latest
> version of pulledpork from svn (0.4.2) or wait until the tarball is released
> shortly.
>
> JJC
>
> On Tue, Jun 29, 2010 at 7:25 AM, John York <YorkJ at ...7109...> wrote:
>
> I've been using PulledPork (v 0.4.1 Stumbling Leprechaun) to get my rules,
> but in the last week or so it has started giving this error:
> Error 403 when fetching
> http://www.snort.org/pub-bin/oinkmaster.cgi/snortrules-snapshot-2860_s.tar.gz.md5 at /home/xxxx/snortrules/pulledpork/pulledpork.pl line 306
>
> It does this even if I wait several hours between attempts, so I don't
> think the 15 min limit is involved.
>
> These are the applicable lines from the conf file:
> base_url=http://www.snort.org/pub-bin/oinkmaster.cgi
> rule_file=snortrules-snapshot-2860_s.tar.gz
>
> My subscription is up to date--I can log in to the web site and download
> the rules ok.  Any ideas?
>
> Thanks
> John