[Snort-users] Intermittent Pulled Pork Error

Weir, Jason jason.weir at ...14916...
Wed Feb 16 15:07:57 EST 2011


Snort 2.9.0.4 and PP were installed at the same time on a fresh box and
2.9.0.4 is specified in pulledpork.conf

-J

> -----Original Message-----
> From: JJC [mailto:cummingsj at ...11827...] 
> Sent: Wednesday, February 16, 2011 3:02 PM
> To: Weir, Jason
> Cc: Nigel Houghton; Snort Users
> Subject: Re: [Snort-users] Intermittent Pulled Pork Error
> 
> 
> When did you upgrade your snort version?  PP will read the version
> that you are running and attempt to fetch the ruleset for that
> specific version, unless you specify the version string in the pp
> config file.
> 
> JJC
> 
> On Wed, Feb 16, 2011 at 11:47 AM, Weir, Jason 
> <jason.weir at ...14916...> wrote:
> > FYI - PP did not error out at 6, 8, and 10PM last night or 
> 8AM and Noon
> > today...
> >
> > -J
> >
> >> -----Original Message-----
> >> From: Nigel Houghton [mailto:nhoughton at ...1935...]
> >> Sent: Wednesday, February 16, 2011 1:38 PM
> >> To: Weir, Jason
> >> Cc: Snort Users
> >> Subject: Re: [Snort-users] Intermittent Pulled Pork Error
> >>
> >>
> >> On Wed, 16 Feb 2011 13:32:45 -0500, Nigel Houghton wrote:
> >> > On Wed, 16 Feb 2011 13:05:09 -0500, Weir, Jason wrote:
> >> >> Doesn't happen all of the time...
> >> >>
> >> >> Error 500 when fetching
> >> >>
> >> 
> https://www.snort.org/reg-rules/snortrules-snapshot-2904.tar.gz.md5 at
> >> >> /usr/local/bin/pulledpork.pl line 390
> >> >>
> >> >> -J
> >> >
> >> > That's not a PulledPork error, that's a website error. The
> >> file isn't
> >> > there, which strictly speaking shouldn't be a 500 server 
> error, but
> >> > since the application that handles looking for the file
> >> can't find it,
> >> > the server will return the application error instead of a
> >> 404 not found.
> >> >
> >> > With that said, I'll forward this to our Snort web team for
> >> > investigation.
> >>
> >> Actually, no I won't. After looking at snort.org I see that
> >> the 2.9.0.4
> >> rule set is not yet available for registered users. So, 
> you'll get a
> >> 404 (or 500) for the rules file too.
> >>
> >> You can fix this for future use by using
> >> snortrules-snapshot-edge.tar.gz as the name of your rules 
> file. That
> >> way, you will get the latest version of rules for either
> >> registered or
> >> subscriber rules automatically. Right now, for registered 
> users this
> >> will be a 2.9.0.3 rule set. Which should work with 2.9.0.4.
> >>
> >> Now, per the rules of the drinking game, I will be taking a
> >> shot or two
> >> for replying to my own email.
> >>
> >> --
> >> Nigel Houghton
> >> Head Mentalist
> >> SF VRT Department of Intelligence Excellence
> >> http://vrt-blog.snort.org/ && http://labs.snort.org/
> >>
> >
> >
> > 
> ______________________________________________________________
> _______________________________
> >
> > Please visit www.nhrs.org to subscribe to NHRS email 
> announcements and updates.
> > 
> --------------------------------------------------------------
> ----------------
> > The ultimate all-in-one performance toolkit: Intel(R) 
> Parallel Studio XE:
> > Pinpoint memory and threading errors before they happen.
> > Find and fix more than 250 security defects in the 
> development cycle.
> > Locate bottlenecks in serial and parallel code that limit 
> performance.
> > http://p.sf.net/sfu/intel-dev2devfeb
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> 
> 
> 
> ______________________________________________________________
> _______________________________
> 
> Please visit www.nhrs.org to subscribe to NHRS email 
> announcements and updates.
> 


_____________________________________________________________________________________________

Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.


More information about the Snort-users mailing list