[Snort-users] PulledPork puts empty snort.rules file in rules dir

JJC cummingsj at ...11827...
Tue Nov 22 16:52:45 EST 2011


What does -vv produce when running pulled pork?

Sent from my iPad

On Nov 22, 2011, at 15:36, codeforfun <codeforfun at ...10619...> wrote:

> I am using PulledPork 0.6.1 on Windows XP to update my snort rules.
> 
> I have managed to get PulledPork to download the rules to a tmp dir on 
> my local computer ("snortrules-snapshot-2900.tar.gz"). With the file 
> size of 27,091KB
> 
> But when it comes to updating the c:\snort\rules dir, it only seems to 
> place one empty file into this dir, the file is called "snort.rules" 
> file size 0KB.
> 
> Could someone please point me in the right direction to how i can solve 
> this issue?
> 
> You can read my pulledpork.conf file here: http://ctrlv.it/id/MjcwNDk1
> This is the command i am using to run PulledPork = "pulledpork.pl -c 
> ./etc/pulledpork.conf -v"
> 
> I have been working on this for around 3days now. I have also read the 
> pulledpork "README" file and the "snort\doc\README.*" files. But i 
> really need some more help.
> 
> 
> The output from PulledPork looks like this:
> 
> Setting Flowbit State....
>         Done
> Writing C:\snort\rules\snort.rules....
>         Done
> Generating sid-msg.map....
>         Done
> Writing C:\snort\sid-msg.map....
>         Done
> Writing C:\snort\sid_changes.log....
>         Done
> Rule Stats....
>         New:-------0
>         Deleted:---0
>         Enabled Rules:----0
>         Dropped Rules:----0
>         Disabled Rules:---0
>         Total Rules:------0
>         Done
> Please review C:\snort\sid_changes.log for additional details
> Fly Piggy Fly!
> 
> 
> 
> CodeForFun
> 
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure 
> contains a definitive record of customers, application performance, 
> security threats, fraudulent activity, and more. Splunk takes this 
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list