[Snort-users] Extracting snortrules-2931.tar.gz

Jeremy Hoel jthoel at ...11827...
Tue Oct 9 16:17:57 EDT 2012


And like i said in the email before you responded, you can find the
file name right from the website.. when you click download rules.
http://snort.org/snort-rules/?

Snort v2.9
MD5 - 09 Oct, 2012
snortrules-snapshot-2931.tar.gz
MD5 - 09 Oct, 2012
snortrules-snapshot-2912.tar.gz
MD5 - 09 Oct, 2012
snortrules-snapshot-2923.tar.gz
MD5 - 09 Oct, 2012
snortrules-snapshot-2930.tar.gz



It's right there.. you just have to look at the page.  Reading is fundamental.




On Tue, Oct 9, 2012 at 8:16 PM, AllowOverride <allowoverride at ...11827...> wrote:
> we dont know the file name!!! sheshh
>
> On Tue, 2012-10-09 at 20:02 +0000, Jeremy Hoel wrote:
>> The page shows:
>>
>> wget http://www.snort.org/sub-rules/<filename>/<oinkcode here> \
>>              -O <output-filename>
>>
>>
>> It's pretty clear.  put the proper, correct, current filename where is
>> says filename and things work.  They shouldn't have to hold hands and
>> walk through the whole thing.
>>
>> When you try and use examples you have to expect and realize that the
>> example might be out of date and maybe try and figure out what it
>> might take to make it work.
>>
>>
>>
>> On Tue, Oct 9, 2012 at 7:51 PM, AllowOverride <allowoverride at ...11827...> wrote:
>> > when i say something doesnt work, i mean, it doesnt work:
>> >
>> > wget
>> > http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry--2012-10-09 12:44:42--  http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry
>> > Resolving www.snort.org... 23.23.170.170
>> > Connecting to www.snort.org|23.23.170.170|:80... connected.
>> > HTTP request sent, awaiting response... 403 Forbidden
>> > 2012-10-09 12:44:42 ERROR 403: Forbidden.
>> >
>> > wget
>> > http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
>> > --2012-10-09 12:45:54--
>> > http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
>> > Resolving www.snort.org... 23.23.143.143
>> > Connecting to www.snort.org|23.23.143.143|:80... connected.
>> > HTTP request sent, awaiting response... 403 Forbidden
>> > 2012-10-09 12:45:56 ERROR 403: Forbidden.
>> >
>> > and just for good measure
>> >
>> > wget
>> > http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/sorry-hidden
>> > --2012-10-09 12:47:03--
>> > http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/hidden-again
>> > Resolving www.snort.org... 23.23.170.170
>> > Connecting to www.snort.org|23.23.170.170|:80... connected.
>> > HTTP request sent, awaiting response... 403 Forbidden
>> > 2012-10-09 12:47:04 ERROR 403: Forbidden.
>> >
>> >
>> > now. the last one shouldn't work, becuz im not a register user
>> > the sub rules works if you know what you are doing...
>> >
>> > If you include 2931 inplace of 2900 it will work, only if you are in the
>> > system for oinkcode. BUT, that is not what is autopopulated for you on
>> > the oinkcode page. it says, 2900. it wont work.
>> >
>> > all i am saying fix is, change it to reflect the CURRENT version. thats
>> > all. not everyone will catch it, and ya know, end up asking the question
>> > here.
>> >
>> > let's let the developers put the current version as well. takes what, 2
>> > seconds and saves users HOURS of wtf.. headaches...
>> >
>> > thanks
>> >
>> >
>> >
>> > On Tue, 2012-10-09 at 19:19 +0000, Jeremy Hoel wrote:
>> >> The link he was using worked fine for me. I tested the get and got the
>> >> rules with no no problem.. with the link he had. His problem is not
>> >> related to a bad link.
>> >>
>> >> The examples show that you need a file name
>> >> (http://snort.org/snort-rules/cli) and when you go to the page before,
>> >> the main download page (http://snort.org/snort-rules/?), it shows the
>> >> file names. They are not trying to make this overly confusing and
>> >> hard.. but it does require some effort and understanding on the
>> >> installers part. Or, you could sign in and grab them from the gui, or
>> >> use pullpork.  3 different methods to get the rules..
>> >>
>> >> The examples are generic enough that they don't have to change
>> >> whenever the rule file changes.  Lets let the developers work on
>> >> keeping the software fixed and nor worry about the web page not having
>> >> the most specific instructions.
>> >>
>> >>
>> >> On Tue, Oct 9, 2012 at 7:12 PM, AllowOverride <allowoverride at ...11827...> wrote:
>> >> > jer,
>> >> > i tried the preferred method displayed on oinkcode page.
>> >> > it doesnt work for sub/reg unless you know to put 2931. also, other
>> >> > methods of wget'ing the url according to docs are supposed to work but
>> >> > do not, unless know the exact file name, and thats not always easy to
>> >> > find on the ftp site, or by other methods.
>> >> >
>> >> > just a heads up, that kept me off task for a few days trying to figure
>> >> > it out.
>> >> >
>> >> > suggestion... fix the examples on the oinkcode page.
>> >> >
>> >> >
>> >> >
>> >> > On Tue, 2012-10-09 at 17:12 +0000, Jeremy Hoel wrote:
>> >> >> The answer is in the text file that you sent back.
>> >> >>
>> >> >> 2012-10-04 14:07:24 ERROR 403: Forbidden.
>> >> >>
>> >> >> so however you tried to get the file, it didn't work.  If you used
>> >> >> wget and an oink code then you need to check the code.
>> >> >>
>> >> >>
>> >> >> On Tue, Oct 9, 2012 at 4:59 PM, Akinwale Fasuru <fashman2k1 at ...131...> wrote:
>> >> >> > Here is what i gath after running cat....
>> >> >> >
>> >> >> > --2012-10-04 14:07:23--  http://www.snort.org/sub-rules/snortrules-snapshot-2931.tar.gz/3b6de1b425e1a20c6f85e705f3631bc958ad11db
>> >> >> > Resolving www.snort.org... 23.23.170.170
>> >> >> > Connecting to www.snort.org|23.23.170.170|:80... connected.
>> >> >> > HTTP request sent, awaiting response... 403 Forbidden
>> >> >> > 2012-10-04 14:07:24 ERROR 403: Forbidden.
>> >> >> >
>> >> >> >
>> >> >> > What do u think?
>> >> >> >
>> >> >> >
>> >> >> > --- On Tue, 10/9/12, Jeremy Hoel <jthoel at ...11827...> wrote:
>> >> >> >
>> >> >> >> From: Jeremy Hoel <jthoel at ...11827...>
>> >> >> >> Subject: Re: [Snort-users] Extracting snortrules-2931.tar.gz
>> >> >> >> To: "Akinwale Fasuru" <fashman2k1 at ...131...>
>> >> >> >> Cc: snort-users at lists.sourceforge.net
>> >> >> >> Date: Tuesday, October 9, 2012, 11:53 AM
>> >> >> >> to check the size of a file, go to
>> >> >> >> the directory where the file is and
>> >> >> >> run 'ls -al'.
>> >> >> >>
>> >> >> >> But since 'file' said it's text and not a tar.gz or zip
>> >> >> >> file, then
>> >> >> >> that's the problem.  Your download is not correct.
>> >> >> >>
>> >> >> >> go ahead and run 'cat snortrules-2931.tar.gz'
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> On Tue, Oct 9, 2012 at 4:50 PM, Akinwale Fasuru <fashman2k1 at ...131...>
>> >> >> >> wrote:
>> >> >> >> > I replied the email you sent earlier saying that i
>> >> >> >> didnt know how to check for te size of the file. But i did
>> >> >> >> rule the command u asked me here is the response
>> >> >> >> >
>> >> >> >> > snortrules-2931.tar.gz: ASCII text
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > --- On Tue, 10/9/12, Jeremy Hoel <jthoel at ...11827...>
>> >> >> >> wrote:
>> >> >> >> >
>> >> >> >> >> From: Jeremy Hoel <jthoel at ...11827...>
>> >> >> >> >> Subject: Re: [Snort-users] Extracting
>> >> >> >> snortrules-2931.tar.gz
>> >> >> >> >> To: "Akinwale Fasuru" <fashman2k1 at ...131...>
>> >> >> >> >> Cc: snort-users at lists.sourceforge.net
>> >> >> >> >> Date: Tuesday, October 9, 2012, 11:46 AM
>> >> >> >> >> You never got back to me about the
>> >> >> >> >> size of the file and if the file
>> >> >> >> >> was complete.
>> >> >> >> >>
>> >> >> >> >> the error makes it sound like it's not a tar.gz
>> >> >> >> file.
>> >> >> >> >>
>> >> >> >> >> you need to very you got the whole file and that
>> >> >> >> it's not
>> >> >> >> >> just a text error.
>> >> >> >> >>
>> >> >> >> >> run 'file snortrules-2931.tar.gz' and see what it
>> >> >> >> says.
>> >> >> >> >>
>> >> >> >> >> On Tue, Oct 9, 2012 at 4:29 PM, Akinwale Fasuru
>> >> >> >> <fashman2k1 at ...131...>
>> >> >> >> >> wrote:
>> >> >> >> >> > Hello everyone,
>> >> >> >> >> >  I am still having problems extracting
>> >> >> >> >> snortrules-2931.tar.gz
>> >> >> >> >> >
>> >> >> >> >> > tar -xzvf snortrules-2931.tar.gz
>> >> >> >> >> >> I get this erro message
>> >> >> >> >> >>
>> >> >> >> >> >> zip: stdin: not in gzip format
>> >> >> >> >> >>
>> >> >> >> >> >> tar: Child returned status 1
>> >> >> >> >> >>
>> >> >> >> >> >> tar: Error is not recoverable: exiting
>> >> >> >> now
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >>
>> >> >> >> ------------------------------------------------------------------------------
>> >> >> >> >> > Don't let slow site performance ruin your
>> >> >> >> business.
>> >> >> >> >> Deploy New Relic APM
>> >> >> >> >> > Deploy New Relic app performance management
>> >> >> >> and know
>> >> >> >> >> exactly
>> >> >> >> >> > what is happening inside your Ruby, Python,
>> >> >> >> PHP, Java,
>> >> >> >> >> and .NET app
>> >> >> >> >> > Try New Relic at no cost today and get our
>> >> >> >> sweet Data
>> >> >> >> >> Nerd shirt too!
>> >> >> >> >> > http://p.sf.net/sfu/newrelic-dev2dev
>> >> >> >> >> >
>> >> >> >> _______________________________________________
>> >> >> >> >> > Snort-users mailing list
>> >> >> >> >> > Snort-users at lists.sourceforge.net
>> >> >> >> >> > Go to this URL to change user options or
>> >> >> >> unsubscribe:
>> >> >> >> >> > https://lists.sourceforge.net/lists/listinfo/snort-users
>> >> >> >> >> > Snort-users list archive:
>> >> >> >> >> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> >> >> >> >> >
>> >> >> >> >> > Please visit http://blog.snort.org to stay current on
>> >> >> >> >> all the latest Snort news!
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >> >> ------------------------------------------------------------------------------
>> >> >> Don't let slow site performance ruin your business. Deploy New Relic APM
>> >> >> Deploy New Relic app performance management and know exactly
>> >> >> what is happening inside your Ruby, Python, PHP, Java, and .NET app
>> >> >> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
>> >> >> http://p.sf.net/sfu/newrelic-dev2dev
>> >> >> _______________________________________________
>> >> >> Snort-users mailing list
>> >> >> Snort-users at lists.sourceforge.net
>> >> >> Go to this URL to change user options or unsubscribe:
>> >> >> https://lists.sourceforge.net/lists/listinfo/snort-users
>> >> >> Snort-users list archive:
>> >> >> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> >> >>
>> >> >> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>> >> >
>> >
>




More information about the Snort-users mailing list